CN1361882A - Methods and apparatus for protecting information - Google Patents

Publication number
CN1361882A
Authority
CN
China
Legal status
Pending
Application number
CN00809527A
Other languages
Chinese (zh)
Inventor
迈克尔·O·罗宾
丹尼斯·E·莎莎
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/106 Enforcing content protection by specific content processing
    • G06F21/1064 Restricting content processing at operating system level
    • G06F21/107 License processing; Key processing
    • G06F21/1077 Recurrent authorisation
    • G06F21/1078 Logging; Metering
    • G06F21/16 Program or content traceability, e.g. by watermarking
    • G06F2211/00 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007 Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • G06F2211/008 Public Key, Asymmetric Key, Asymmetric Encryption
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103 Challenge-response
    • G06F2221/2135 Metering
    • G06F2221/2151 Time stamp

Abstract

Methods and apparatus to enable owners and vendors of software to protect intellectual property and to charge per-use. The system produces a unique tag for every instance of software. Each user device runs a supervising program that ensures, by use of the tag, that no software instance will be used infringing on the software owner's rights. When installing or using a software instance, the supervising program verifies the associated tag and stores the tag. When installing or using untagged software, the supervising program fingerprints selected portions of the software and stores the fingerprints. A user device's supervising program periodically calls up, or is called up by a guardian center. The guardian center detects unauthorized use of software by comparison of current call-up data with records of past call-ups. The guardian center completes the call-up by enabling or disabling continued use of the monitored software instances.

Description

Methods and apparatus for protecting information
Background of the invention
Piracy of software or information is the use or copying of that software or information without the authorization of its creator or rightful owner. Piracy is most prevalent in the field of computer software applications, where people frequently make unlicensed, illegal copies of an application. Such copies may be for personal use, or may be reproduced and sold for commercial gain. Other types of piracy include copying information such as music recordings, electronically readable versions of documents, or electronic books. In all, piracy costs businesses more than one hundred million dollars every year.
The software and information technology industries have responded to the threat of piracy with locking schemes. Locking schemes include software locking mechanisms, licenses and special hardware devices that prevent the unauthorized use of software, information or an entire electronic device. These schemes attempt to stop an adversary from freely copying software.
There are many kinds of software locking mechanisms. For example, a manufacturer may encrypt part of a software program with a unique key. A customer who buys the software obtains the key, which allows the software to be decrypted and run. One example of such a software protection mechanism is the "certificate of authenticity" supplied with a purchased software program, such as Microsoft Windows 98, made by Microsoft Corporation of Redmond, Washington. The certificate of authenticity specifies a unique product number. During installation, the software program asks for this product number, which the user must enter correctly. If the number entered matches the number the application expects, the copy of the application is considered legitimate and can be installed and used normally. If the number entered is incorrect, the software cannot be installed.
Hardware piracy-protection schemes are usually implemented by attaching a device to the processor, typically through a communications port. Hardware devices of this type are commonly called "dongles". One example of a hardware protection scheme is U.S. Patent No. 3,996,449, which discloses a method for determining whether a program or a portion of a program running on a computer is valid. In that system, a hash function is applied to the user's identification code or key and to the text of the program itself in a specially hardened hardware checking device. The checking device compares the resulting hash value with a verification value to determine whether the program text is correct; if the text is correct, the program may run on the device.
Another hardware-related approach assigns a unique identifier to each processor that executes programs. Software programs are then encoded with the identifier of a designated processor. Unless that processor identifier is supplied to the software, it cannot run on any other processor. Clearly, such a system restricts use when someone attempts to run the software on a processor with which it is not associated. The number assignment can be supervised through an authorization network that associates a set of software with a specific processor identifier.
Apart from the electronic hardware and computer software application and data protection mechanisms described above, little progress has been made in protecting against piracy of other kinds of encoded information accessible by electronic devices, such as recordings.
Summary of the invention
Characteristics of prior-art systems
Past approaches to preventing unauthorized use of software and information have run into many problems. The problem with systems that use a certificate or key is that one key permits unlimited use of the program, and there is no way to prevent the key from being copied. As a result, the owner of a software copy can pass the key or certificate, together with the software or information, to other people, who can then use that certificate or key to install and run the software or access the information. If a key allowed only a single use, the copying problem would be solved, but a different key would have to be entered for every use. To be commercially viable, most programs need to be used many times.
Software locks on personal computers are just as easily broken, because the owner of the machine has ample opportunity and time to break the lock. Hardware protection schemes lack flexibility, because the hardware designer needs to know the characteristics of the protected software before the hardware device is manufactured. Moreover, if different pieces of software that use different hardware protection mechanisms are to be run, a separate hardware device must be provided for each. Custom hardware protection is costly, and customers find hardware protection schemes difficult to use; these factors have prevented hardware protection mechanisms from being widely adopted.
Hardware protection schemes also limit the flexibility of moving software from one device to another. Users may be unable to buy software before buying their computer equipment, because they do not yet know the device's identification information. A hardware manufacturer may cheat users by assigning one identifier to many machines. Finally, an experienced hacker may forge the identifier of a hardware device, or use reverse-engineering techniques to alter the software so that it no longer checks the hardware identifier.
Characteristics of embodiments of the invention
The present invention overcomes these and other problems. The invention provides methods and apparatus that enable owners, vendors or distributors of software (hereinafter all referred to as vendors) to protect their intellectual property and other rights. Here and hereinafter, software is defined broadly to include computer programs, text, data, databases, audio, video, images, and any other information that can be digitized or represented as signals, where the software is accessed or used by a user on a device such as a computer or a special-purpose device (hereinafter referred to as a user device or device). The invention also enables software vendors to charge for each software instance on a per-use basis.
Specifically, the invention provides methods and apparatus for a system that monitors the use of software on user devices and prevents a device from using any software instance in a manner not authorized by the legitimate vendor or owner of the software.
For a particular piece of software, a vendor's rights can be infringed in many ways, including but not limited to the following. A user may make copies of software he has purchased and give them to other people (which the first user's purchase agreement does not permit), who install the software on their own devices. An organization that buys or leases a vendor's software and is authorized to make and use a specified number of copies may exceed that number. A pirate vendor may illegally copy and sell a legitimate vendor's software. A pirate vendor may modify a legitimate vendor's software, for example by recompiling an application program or renaming or altering a song, and distribute and sell the infringing software.
The present invention protects the legitimate vendor's rights in the software as described above and prevents any infringement of those rights by users, without resorting to encryption of the software instance or parts of it, without requiring the user to decrypt before access, without requiring special hardware devices or attachments ("dongles") or special processors, and without requiring manufacturers to build ID numbers into hardware. The invention therefore avoids the drawbacks and weaknesses associated with those solutions. Moreover, the methods and apparatus of the invention withstand denial of service, even when an unscrupulous adversary attempts to use the system's protection mechanisms to stop a legitimate user from accessing software (that is, a user whose use of the software conforms to the usage regime specified by the legitimate vendor).
Using the invention, a software vendor can sell, lease or distribute software (for example, a particular application program, book or song) to users in whatever controlled manner the vendor wishes. Each particular copy of the software that is installed, or is to be used, on a user device is referred to as an instance of the software, or a software instance. In general, software on a user device may be installed, accessed or used, and each such form of access is referred to hereinafter as a use, or use of the software. Thus, for example, use of an instance of an application program includes, but is not limited to, installing, reading, copying or executing that instance. Use of text includes, but is not limited to, installing the text on a device, reading the text on the device, and copying part of the text on or by means of the device.
Steps and components of specific embodiments of the invention
In particular, the invention provides a system for monitoring the use of software. The system includes a software vendor that produces software instances and a tag server that accepts software instances. The tag server produces a plurality of tags, one per software instance, and each tag uniquely identifies the software instance with which it is associated. A user device receives and installs a software instance and also receives the unique tag associated with that instance. The user device includes a supervising program, which detects use of a software instance and verifies the authenticity of the associated tag before the instance is used. If the tag is authentic, the supervising program maintains and stores the tag in a tag table and maintains and stores the software instance (preferably on a storage device). If the tag associated with the software is not authentic, the supervising program refuses use of the software instance.
A tag is preferably unique to one software instance. Tags are created by an authentication server. A tag includes at least one of: the name of the software instance, a unique number of the software instance, and a hash function value of portions of the software instance. Preferably, the unique number of the software instance is chosen from a sparse set. In other embodiments, each tag further includes unique identifying information of a supervising program. In yet another embodiment, each tag includes at least one fingerprint computed from a portion of the content of the software instance associated with the tag.
To verify whether a tag is authentic, the supervising program can verify the hash function value in the tag or the digital signature in the tag. In another embodiment, the supervising program verifies that the unique supervising-program identifier in the tag matches the identifier of the supervising program on the user device. In embodiments that use fingerprints, the supervising program verifies that the software instance associated with the tag and at least one fingerprint in the tag satisfy a same-location fingerprint check. The supervising program performs the same-location fingerprint check at least once before, during and after use of the software instance.
In embodiments that use fingerprints, each tag further includes at least one list of locations at whose values at least one fingerprint was computed. The supervising program verifies at least one fingerprint of the software instance associated with the tag against the software at the locations specified in the list. Alternatively, general-location fingerprinting is used. (In same-location fingerprinting, two sequences of fingerprints taken over a common sequence of locations match when the first fingerprint of the first sequence matches the first fingerprint of the second sequence, the second fingerprint of the first sequence matches the second fingerprint of the second sequence, and so on in order. In general-location fingerprinting, two sequences of fingerprints match when each fingerprint in the first sequence matches some fingerprint in the second sequence and each fingerprint in the second sequence matches some fingerprint in the first.) Because tags are separate from the software instances, the invention protects software without requiring the software to be modified.
According to another aspect of the invention, whenever a software instance accesses a data file, information about the accessing software instance is stored in a location associated with the data file. That information may be the tag associated with the software instance, and may also be the time at which the software instance made the modification. Preferably, the information about the accessing software instance is written to a secure location that only the supervising program can access. In essence, this aspect of the invention is used to track pirated software that uses shared data.
In this case, a data file has associated information stored in a location associated with it. When a software instance attempts to access the data file (that is, shared data), the supervising program tests whether the stored information relates to the software instance currently attempting access. If so, the supervising program determines whether that software instance is a pirated copy. To do so, the supervising program can, in one aspect, use a non-aliasing hash function to verify the information currently stored in the location associated with the data file. In addition, the supervising program can use the last modification time. The idea is to check whether the software instance that wrote the data file has the same tag as a software instance on this device and, if so, to check that the software instance on this device actually wrote the data file at the last modification time. If it did not, at least two software instances with the same tag are in use, which indicates that piracy has occurred.
Another embodiment of the invention includes a guardian center. The guardian center has a tagged-software database and a verification program. The guardian center and the user device communicate periodically, and through a call-up procedure the guardian center receives tags from the user device. These tags are associated with the tagged software on the user device. The verification program checks each tag received from the user device against the tagged-software database to ensure that the tag complies with at least one usage supervision policy. Preferably, the usage supervision policy is associated with at least one software instance, which in turn is associated with at least one tag. The verification program returns a continuation message to the user device. The continuation message indicates the action the user device is to follow for the software instance associated with each tag. The supervising program on the user device receives the continuation message and verifies its authenticity. If verification succeeds, the supervising program carries out the actions indicated in the continuation message. In this sense, by controlling the usage status of tags, the guardian center ultimately decides which software may be used on the user device.
Preferably, all communication between the guardian center and the user device is transmitted in a secure manner that involves public-key encryption.
According to another aspect of the invention, at least one of the software vendor, the tag server and the guardian center is combined with at least one other of the software vendor, the tag server and the guardian center.
According to another aspect of the invention, communication between the supervising program on the user device and the guardian center is referred to as a call-up. The maximum allowed interval between successive call-ups is determined by at least one of the following factors, or a combination of them: time elapsed on the user device, the number and duration of uses of software instances, the number of times the user device is powered on, and a measure of use of the user device. When the user device fails to call up the guardian center within the maximum allowed interval since the last call-up, the user device is disabled for a period of time, or use of certain software instances is refused for a period of time. Preferably, a call-up occurs when a software instance is used (that is, accessed, installed or detected) for the first time. Optionally, a request from the guardian center may trigger a call-up.
According to one aspect of the invention, the supervising program tests the authenticity of the continuation message during a call-up. The test verifies that the hash function value of the tag table in the continuation message equals the hash function value of the tag table in the call-up message sent from the user device. The test may also include verifying a digital signature in the continuation message.
When the user device receives no continuation message after sending a call-up message to the guardian center, it can send a new call-up message with a cancel command that cancels the previous call-up message. This allows the user device to call up again.
At the guardian center, the usage supervision policy may be associated with the whole user device, in which case the guardian center communicates with the whole user device during a call-up; or it may be associated with an individual user of the user device, in which case the guardian center communicates with that individual user during a call-up; or it may be associated with the usage supervision history of the user device, in which case the guardian center refers to that history during a call-up.
According to another aspect of the invention, the guardian center maintains, in the tagged-software database, a tag data structure for each software instance on each user device. Each tag data structure includes the tag of a software instance, the usage supervision policy associated with the software instance, and references to a collection of call-up records. Each call-up record in the collection represents information about one call-up. The continuation message associated with a call-up includes at least a call-up time, the header of the tag table passed to the guardian center during the call-up, the time of the last preceding call-up, the hash function value of the tag table passed to the guardian center during the call-up, and the actions the user device is to follow. Earlier call-up records are kept so that the guardian center can ensure that only one device holds the header of a given tag table. Otherwise, different physical devices could share the same software instance, in conflict with the usage supervision policy.
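The call-up bookkeeping and the tag-table hash check described in the two aspects above can be sketched as follows. This is an added example, not code from the patent: the class and field names, the sample tags, and the rule that a reported last call-up time must equal the center's latest accepted record are assumptions, and the digital signature on the continuation message is omitted.

```python
"""Added example: call-up records at a guardian center (hypothetical names)."""
import hashlib
import json
from dataclasses import dataclass


def table_hash(tags):
    """Order-independent hash of the tag table contents."""
    return hashlib.sha256(json.dumps(sorted(tags)).encode()).hexdigest()


@dataclass
class CallUp:
    header: str       # unique header identifying one tag table
    last_callup: int  # time of the previous call-up, as stored on the device
    tags: list        # tags of the software instances on the device


@dataclass
class Continuation:
    header: str
    callup_time: int
    table_hash: str   # echo of the hash of the tag table the device sent
    actions: dict     # tag -> "continue" or "disable"


class GuardianCenter:
    def __init__(self, known_tags):
        self.known_tags = set(known_tags)  # tagged-software database
        self.records = {}                  # header -> accepted call-up times

    def handle(self, msg, now):
        history = self.records.setdefault(msg.header, [])
        expected = history[-1] if history else 0
        if msg.last_callup != expected:
            # Assumed rule: a stale "last call-up" means a second device is
            # presenting a copy of the same tag table header.
            actions = {t: "disable" for t in msg.tags}
        else:
            actions = {t: "continue" if t in self.known_tags else "disable"
                       for t in msg.tags}
            history.append(now)            # only accepted call-ups are recorded
        return Continuation(msg.header, now, table_hash(msg.tags), actions)


class SupervisingProgram:
    def __init__(self, header, tags):
        self.header, self.tags = header, list(tags)
        self.last_callup = 0
        self.enabled = {t: True for t in self.tags}
        self._sent_hash = None

    def build_callup(self):
        self._sent_hash = table_hash(self.tags)
        return CallUp(self.header, self.last_callup, list(self.tags))

    def apply(self, cont):
        """Accept a continuation only if it echoes the hash we sent."""
        if cont.header != self.header or cont.table_hash != self._sent_hash:
            return False
        for tag, action in cont.actions.items():
            self.enabled[tag] = (action == "continue")
        self.last_callup = cont.callup_time
        return True

    def clone(self):
        """Model a byte-for-byte copy of the device state onto a second device."""
        twin = SupervisingProgram(self.header, self.tags)
        twin.last_callup = self.last_callup
        return twin


def run_scenario():
    tags = ["TAG-editor-0001", "TAG-game-0002"]   # constructed sample tags
    center = GuardianCenter(known_tags=tags)
    a = SupervisingProgram("HDR-A", tags)
    a.apply(center.handle(a.build_callup(), now=100))
    b = a.clone()                                  # tag table copied to device B
    a.apply(center.handle(a.build_callup(), now=200))
    b.apply(center.handle(b.build_callup(), now=250))
    a.build_callup()
    forged = Continuation("HDR-A", 300, "0" * 64, {tags[0]: "continue"})
    return {"a_enabled": all(a.enabled.values()),
            "b_enabled": any(b.enabled.values()),
            "forged_accepted": a.apply(forged)}


if __name__ == "__main__":
    print(run_scenario())
```

Whichever of the two devices calls up second after the copy is the one whose stored time disagrees with the center's record, so the check detects that sharing occurred without identifying the original device.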
In an alternative or combined implementation, the guardian center includes a verification program. According to this aspect, the guardian center communicates periodically with user devices through call-ups. In each call-up, it receives from the user device a unique identifier of the user device's supervising program. The verification program checks the unique identifier, ensuring that the identifier belongs to at most one supervising program. The verification program then returns a continuation message to the user device. The continuation message indicates the actions the user device is to follow on any attempted use of the software instance associated with each tag. The supervising program on the user device verifies the authenticity of the continuation message and, if it is authentic, carries out the actions in it.
According to this embodiment of the guardian center, the supervising-program identifier is generated when the supervising program is first activated, and is based on a number that is very unlikely to be repeated. Preferably, this number is derived from a very precise time value taken when the supervising program is first activated. Alternatively, the number is provided by the guardian center. Alternatively or in combination, the number may depend on the values of certain memory locations.
According to another preferred embodiment, the system also includes an untagged software instance used on the user device. In this system, the supervising program detects use of the untagged software instance, performs a fingerprinting process on it, and stores the resulting fingerprints on the user device. The supervising program on the user device also performs the fingerprinting process on tagged software instances used on the device and stores the resulting fingerprints on the user device. The supervising program records the locations at which the fingerprints were computed. Fingerprints may be based on the content of the software instance. Optionally, fingerprints are based on a known sequence of behavior of the software instance.
In this embodiment, the guardian center includes a fingerprint data structure and a verification program. The guardian center and the user device communicate periodically through call-ups. The guardian center receives all the fingerprints of the software instances on the user device. The verification program compares each fingerprint received from the user device with the fingerprint data structure to decide whether a software instance in use on the user device is an infringing copy. If the verification program finds that the number of matches between fingerprints in the guardian center's fingerprint data structure and fingerprints received from the user device exceeds a specified number, it specifies a punitive action and then returns a continuation message to the user device. The continuation message instructs the user device to carry out the punitive action.
The software vendor sends a copy of an infringing software instance to the guardian center. The guardian center computes fingerprints on this copy, combines the computed fingerprints, and stores them in the guardian center's fingerprint data structure.
According to one aspect of the system, fingerprint matching is performed by general-location fingerprint matching. For speed, fingerprint matching uses an inverted guardian-center fingerprint table.
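The two matching rules defined earlier and the inverted table with a match threshold can be put side by side in a short sketch. This is an added example, not code from the patent: the fingerprint function (truncated SHA-256 over fixed 16-byte windows), the threshold of 5, all names and the sample data are assumptions constructed for illustration.

```python
"""Added example: same-location vs general-location fingerprint matching."""
import hashlib
from collections import defaultdict

WINDOW = 16  # bytes covered by one fingerprint (assumed parameter)


def fingerprint(data: bytes, offset: int) -> str:
    """Fingerprint of the WINDOW bytes at `offset` (truncated SHA-256, assumed)."""
    return hashlib.sha256(data[offset:offset + WINDOW]).hexdigest()[:16]


def fingerprints(data: bytes) -> list:
    """Fingerprint sequence over consecutive, non-overlapping windows."""
    return [fingerprint(data, o)
            for o in range(0, len(data) - WINDOW + 1, WINDOW)]


def same_location_match(seq_a, seq_b) -> bool:
    """i-th fingerprint of one sequence must equal i-th of the other."""
    return list(seq_a) == list(seq_b)


def general_location_match(seq_a, seq_b) -> bool:
    """Each fingerprint of either sequence must occur somewhere in the other."""
    return set(seq_a) == set(seq_b)


class InvertedFingerprintTable:
    """Guardian-center table keyed by fingerprint, so a lookup costs one
    dictionary access per reported fingerprint instead of a scan per title."""

    def __init__(self, threshold: int):
        self.threshold = threshold
        self.by_fingerprint = defaultdict(set)   # fingerprint -> software names

    def add_infringing_copy(self, name: str, data: bytes) -> None:
        for fp in fingerprints(data):
            self.by_fingerprint[fp].add(name)

    def check(self, device_fingerprints) -> dict:
        """Return {name: match count} for titles whose count exceeds the threshold."""
        hits = defaultdict(int)
        for fp in set(device_fingerprints):
            for name in self.by_fingerprint.get(fp, ()):
                hits[name] += 1
        return {n: c for n, c in hits.items() if c > self.threshold}


def make_blocks(seed: bytes, count: int) -> list:
    """Constructed sample content: `count` distinct WINDOW-sized blocks."""
    return [hashlib.sha256(seed + bytes([i])).digest()[:WINDOW]
            for i in range(count)]


def demo() -> dict:
    blocks = make_blocks(b"infringing-app", 8)
    original = b"".join(blocks)
    reordered = b"".join(reversed(blocks))              # same content, moved
    patched = b"".join(blocks[:7]) + b"\x00" * WINDOW   # one block altered
    unrelated = b"".join(make_blocks(b"other-app", 8))

    table = InvertedFingerprintTable(threshold=5)
    table.add_infringing_copy("infringing-app", original)
    return {
        "same_location": same_location_match(
            fingerprints(original), fingerprints(reordered)),
        "general_location": general_location_match(
            fingerprints(original), fingerprints(reordered)),
        "patched_hits": table.check(fingerprints(patched)),
        "unrelated_hits": table.check(fingerprints(unrelated)),
    }


if __name__ == "__main__":
    print(demo())
```

The reordered copy fails the same-location check but passes the general-location one, which is why the guardian center's comparison against infringing copies uses general-location matching while tag verification on the device can use the stricter same-location check.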
Punitive actions include disabling the user device for a period of time, or disabling for a period of time the software instance associated with the fingerprints that match fingerprints in the guardian center's fingerprint data structure. The punitive action is based on at least one of the following, or a combination of them: the behavior history of the user device, the behavior history of a particular user of the user device, and the collection of software on the user device.
Another embodiment of the invention provides a tag table data structure, stored in encoded form on a read-only medium (for example, a computer read-only medium) of the user device. The tag table data structure includes at least one tag uniquely associated with a software instance, at least one field associated with the tag, and at least one field indicating the usage status of the software instance associated with the tag. That field may also indicate usage statistics for the software instance associated with the tag. The tag table also includes a header that uniquely identifies the tag table. The header may include information about usage statistics of the user device and may also include a continuation message. The tag table is used to store information about the ability to use software instances on the user device.
The apparatus and methods of the invention include a software vendor. The software vendor includes a software production mechanism that produces software entities, each having at least a name and software content. Each software entity can be used only together with a label that uniquely identifies it. A label is a unique, unforgeable collection of information about the software entity associated with it, and includes at least one of: the name of the software, a unique number of the software entity, a hash function value computed on part of the software content, the identifier of the monitoring program on the user device that uses the software entity, or a list of fingerprints computed on parts of the software entity associated with the label.
According to some embodiments of the invention, the software vendor may include an infringing-software detection mechanism that detects infringing software and sends a copy of it to the monitor center, so that usage monitoring can detect attempts to use the infringing software on user devices.
According to another aspect of this embodiment, the monitor center can invalidate any label associated with an infringing software entity and can send a punitive action to any user device that has used the infringing software entity.
Another embodiment of the invention is a user device that includes an input port. The input port receives a software entity, receives the label uniquely associated with that software entity, and receives requests to use the software entity. A processor on the user device executes a monitoring program. The monitoring program detects a request to use the software entity and, before allowing the user device to use it, verifies the authenticity of the label associated with the software entity. The monitoring program likewise verifies the authenticity of the label and stores the label in the label list. If the label is authentic, the monitoring program keeps the software entity; if the label associated with the software entity is false, the monitoring program rejects the software entity.
According to one aspect of the user device, the monitoring program computes a hash function value of the software entity and compares it with the hash function value in the label to decide whether the label is authentic and correctly associated with the software entity. The label is preferably digitally signed, and the monitoring program verifies its authenticity by verifying the label's digital signature.
In the user device, the label list is a data structure kept in the user storage device. The label list contains at least one label uniquely associated with a software entity, at least one field associated with the label, and at least one field, associated with the label, that indicates the usage state of the software entity associated with that label. The monitoring program determines, periodically or otherwise according to the call rules, whether a calling procedure is needed; it then carries out the calling procedure and updates the usage state stored in the label list.
The monitoring program can also verify whether each data file of a labelled software application was generated by a legitimate software entity.
In the calling procedure, the monitoring program securely transmits the label list on the user device through an interconnection mechanism coupled to the user device and waits for a continuity message to be returned to the user device; the continuity message indicates the next action for each label in the label list. Likewise, in the calling procedure, the monitoring program securely transmits the label list header on the user device through the interconnection mechanism coupled to the user device and waits for a continuity message to be returned to the user device; the continuity message indicates the next action for each label in the label list.
Another embodiment of the invention allows unlabelled software to be controlled. According to this embodiment, the user device holds an unlabelled software entity. The monitoring program detects the unlabelled software entity, runs a fingerprint process on it, and stores the result of the fingerprint process in a fingerprint table on the user device. The monitoring program determines, periodically or otherwise according to the call rules, whether a calling procedure is needed; it then carries out the calling procedure and updates the usage state of the unlabelled software entity stored in the user device. Control of unlabelled software can therefore take place regardless of whether labelled software exists or is controlled.
In carrying out the call, the monitoring program securely transmits some of the fingerprints in the fingerprint table on the user device through the interconnection mechanism coupled to the user device and waits for a continuity message to be returned to the user device; the continuity message indicates the next action for each unlabelled software entity.
According to other embodiments of the invention, the monitor center includes a database of labelled software and a verification program that runs on a processor at the monitor center. The monitor center periodically carries out a calling procedure and receives the labels of software entities through the interconnection mechanism. The verification program checks each received label against the labelled-software database maintained at the monitor center to ensure that the label complies with at least one usage monitoring rule. The verification program transmits a continuity message through the interconnection mechanism. The continuity message indicates the next action to take when use is attempted of the software entity associated with a label that the monitor center received in the calling procedure.
According to several aspects of this embodiment, the usage monitoring rules may be associated with each software entity that is associated with at least one label. The usage monitoring rules may also be associated with the user device from which the monitor center receives the label, or with an individual user of the user device from which the monitor center receives the label.
In the labelled-software database, the monitor center maintains a tag data structure for each label associated with each software entity on each user device. The monitor center also receives from the tag server newly created labels associated with software entities, and receives from the label list of a user device the labels associated with the software entities used on that user device. Each tag data structure contains at least the label of a software entity, the name of the software entity, the unique number of the software entity, the hash function value of the software entity, the usage monitoring rules associated with the software entity, and a reference to the collection of call records associated with the label of that software entity.
Each call record in the collection of call records represents information about one calling procedure and contains at least: the call time; the label list header sent to the monitor center during the calling procedure; the last call time, indicating the timestamp of the preceding calling procedure; the hash function value of the label list sent to the monitor center during the calling procedure; and the next action for the user device contained in the continuity message associated with the calling procedure.
Monitor centers according to the invention include a fingerprint data structure and a processor that executes a verification program. The verification program periodically carries out a calling procedure, receiving from the user device, through the interconnection mechanism, the fingerprints of the software entities used on the user device. The verification program checks the received fingerprints against the fingerprint data structure to decide whether an unlabelled software entity used on the user device is an infringing software entity; if so, the verification program prepares a punitive action to be carried out on the user device.
In one embodiment, all vendors' software is fingerprinted, and infringement of one vendor's software by another vendor's software is detected by the general address fingerprint detection method. If the verification program detects a sufficient match between the fingerprints in the fingerprint data structure and the fingerprints it has received, the verification program specifies the punitive action to be carried out and then transmits a continuity message that indicates the punitive action its recipient is to carry out. A sufficient match may mean a number of matches equal to 1 or greater than 1, or may be computed as a weighted sum of matches in which the weight of each match is determined by the fingerprint that matched.
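The inverted fingerprint table and the weighted "sufficient match" described above can be sketched as follows. This is an added example, not code from the patent; the 16-byte window, the truncated SHA-256 fingerprint and the weighting (a fingerprint shared by several indexed titles counts for less) are assumptions, and the byte strings are constructed sample data.

```python
import hashlib
from collections import defaultdict

WINDOW = 16  # assumed fingerprint window size in bytes


def fingerprint(block: bytes) -> bytes:
    """Assumed fingerprint function: truncated SHA-256 of one window."""
    return hashlib.sha256(block).digest()[:8]


def device_fingerprints(content: bytes) -> set:
    """User-device side: fingerprint the window at every byte offset, so a
    match does not depend on where the code sits in the file."""
    return {fingerprint(content[i:i + WINDOW])
            for i in range(len(content) - WINDOW + 1)}


class FingerprintTable:
    """Monitor-center side: inverted table, fingerprint -> infringing titles."""

    def __init__(self):
        self.inverted = defaultdict(set)

    def add_infringing_copy(self, title: str, content: bytes) -> None:
        # Index non-overlapping windows of the copy submitted by the vendor.
        for i in range(0, len(content) - WINDOW + 1, WINDOW):
            self.inverted[fingerprint(content[i:i + WINDOW])].add(title)

    def scores(self, received: set) -> dict:
        """Weighted sum of matches per title: one lookup per received fingerprint."""
        totals = defaultdict(float)
        for fp in received:
            titles = self.inverted.get(fp)
            if not titles:
                continue
            weight = 1.0 / len(titles)  # assumed weighting rule
            for title in titles:
                totals[title] += weight
        return dict(totals)

    def sufficient_matches(self, received: set, threshold: float) -> list:
        """Titles whose weighted score reaches the threshold."""
        return sorted(t for t, s in self.scores(received).items() if s >= threshold)


def sample_bytes(seed: bytes, n: int) -> bytes:
    """Constructed, deterministic stand-in for program content."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def build_demo_table():
    """Two constructed infringing titles; B shares its first 32 bytes with A."""
    a = sample_bytes(b"title-A", 256)
    b = a[:32] + sample_bytes(b"title-B", 224)
    table = FingerprintTable()
    table.add_infringing_copy("A", a)
    table.add_infringing_copy("B", b)
    return table, a, b


if __name__ == "__main__":
    table, a, _ = build_demo_table()
    shifted_copy = b"\x00" * 5 + a + b"\x00" * 3   # same code at a different offset
    print(table.scores(device_fingerprints(shifted_copy)))
    print(table.sufficient_matches(device_fingerprints(shifted_copy), 8.0))
```

With a threshold of 1 a single shared window is enough to trigger a punitive action, so the threshold and weights decide how much shared content two programs may have before they are treated as the same software.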
According to another aspect of this embodiment, the punitive action can specify that the recipient be disabled, or that the software entity associated with the fingerprint that matched a fingerprint in the fingerprint data structure be disabled.
In another aspect, the verification program of the monitor center receives a copy of an infringing software entity through the interconnection mechanism, computes fingerprints on the copy of the unlabelled infringing software entity, combines the computed fingerprints, and stores them in the fingerprint data structure.
Embodiments of the invention also include receiving a copy of specified vendor software and producing a plurality of labels, one label for each software entity, each label uniquely identifying its associated software entity. Each label preferably includes at least the name of the associated software, the unique number of the associated software entity, and a hash function value computed on part of the content of the associated software entity. The labels can be digitally signed using a digital signature mechanism and then securely transmitted to their intended recipient (for example, a user device, the monitor center, or the software vendor).
The methods of the invention include a method of monitoring software use. The method includes the steps of creating a software entity and creating a label uniquely associated with it. The method then distributes the software entity, securely distributes the label to a user device, and receives the software entity and its associated label at the user device. The method also detects an attempt to use the software entity on the user device and decides, according to the state of the label associated with the software entity, whether the attempted use is allowed.
In this method, creating the label includes assigning a unique number to the software entity and computing a first hash function value on part of the content of the software entity. A second hash function value is then computed for the software entity; the second hash function value combines the name of the software, the unique number of the software entity, and the first hash function value. Next, the method includes the step of computing the label uniquely associated with the software entity; the label contains the name of the software, the unique number of the software entity, and the second hash value.
The label-creation step may create a digitally signed label by applying a digital signature function to the second hash function value to produce a signature and including the signature in the label.
The step of distributing the label to the user device may include using public-key encryption to distribute the label securely to the software vendor and the user device.
The step of receiving the software entity includes obtaining the software entity at the user device. The step of receiving the label at the user device includes securely obtaining the label associated with the software entity and determining whether that label is signed. If it is, the signature in the label is verified using the hash function value and, if signature verification succeeds, the software is installed on the user device; if the label associated with the software entity is not signed, the software is installed on the user device. The step of detecting use of the software entity on the user device includes activating the monitoring program on the user device to intercept the user's requests to use the software entity. The step of determining whether use of the software entity is allowed may also include determining whether a calling procedure is required under the call rules and, if so, carrying out a calling procedure to verify authenticity and determine the usage monitoring rules associated with the software entity. Other steps include updating the label information in the user device based on the result of the calling procedure, checking the associated status information, and determining whether use of the associated software entity is allowed.
The step of carrying out the calling procedure includes transmitting the label list (which holds the labels associated with software entities) from the user device and waiting to receive the continuity message returned to the user device, which indicates an action for each label in the label list. The user device can continue to process local execution requests while it waits for the continuity message.
Particular embodiments of the method may also include verifying whether the continuity message is directed to the specified device and whether the event history corresponds to that device.
In embodiments of the method, the step of carrying out the calling procedure may include receiving the label list (which contains the labels associated with software entities) and checking each label in the received label list against the corresponding labelled-software database to ensure that the labels in the label list comply with at least one usage monitoring rule. The steps also include transmitting a continuity message that indicates to the user device the next action to follow when use of the software entity associated with each label is detected.
In embodiments of the method, the continuity message contains the identifier of the monitoring program to which the continuity message is sent, the time of the continuity message, and an encoding of the label list header that appeared in the device's call.
The invention also provides a method of monitoring software use that includes the steps of detecting the use of an unlabelled software entity on a user device and then creating and storing on the user device a fingerprint associated with the unlabelled software entity. The method detects an attempt to use the unlabelled software entity on the user device and determines whether the attempt is valid by comparing the fingerprint associated with the unlabelled software entity against a fingerprint data structure of infringing fingerprints; if a matching fingerprint is found, use of the unlabelled software entity is prohibited.
The above method also includes the steps of detecting a labelled software entity on the user device and creating and storing on the user device a fingerprint associated with the labelled software entity. Further steps detect an attempt to use the labelled software entity on the user device and determine whether the attempt is valid by comparing the fingerprint associated with the labelled software entity against the fingerprint data structure of infringing fingerprints; if a matching fingerprint is found, use of the labelled software entity is prohibited.
A possible additional step of the method is for the software vendor to detect an infringing software entity and submit a copy of it to the monitor center. The steps also include computing fingerprints on the infringing software entity at the monitor center, combining these fingerprints, and storing them in the fingerprint data structure. This additional method may also be an alternative embodiment in its own right, without regard to whether labelled software exists.
Another embodiment of the invention is a method of uniquely identifying a software entity. The method includes the steps of obtaining a software entity, assigning a name to the software entity, and assigning a unique number to the software entity. The unique number differs from the unique number assigned to another entity of the same software. The method also includes computing a first hash function value on part of the content of the software entity and producing an unsigned hash function value that uniquely identifies the software entity by computing a second hash function value over the concatenation of the name of the software entity, the number of the software entity, and the previously computed first hash function value. The method then uses a key to sign the unsigned hash function value, producing a signed hash function value for the software entity, and creates a label that uniquely identifies the software entity. The label contains the signed hash function value of the software entity, the name of the software entity, the unique number of the software entity, and the unsigned hash function value of the software entity.
According to this embodiment, the steps of obtaining the software entity and assigning a name to the software are carried out by the software vendor, while the steps of assigning a unique number to the software entity, computing the first and second hash function values, signing the second hash value, and creating the label are carried out by the tag server.
The invention also includes embodiments relating to a computer read-only medium encoded with program instructions which, when read and run by a processor, carry out the following steps: detecting a request to use a software entity; determining whether the label associated with the software entity has a state that allows the software entity to be used; and periodically carrying out a calling procedure to verify the authenticity of the label and to ensure that use of the software entity corresponding to the label complies with the usage monitoring rules.
The invention also includes embodiments of a propagated signal carried on a carrier over a communication medium. Such a signal carries an encoded tag data structure that contains at least one label uniquely associated with a software entity and at least one field, associated with the label in the label list, that indicates the usage control state of the software entity associated with the label.
Such a signal may also carry an encoded continuity message. The continuity message contains an indication of the action that the recipient of the propagated signal is to carry out when the recipient detects an attempt to use the software entity associated with that action.
Another method provided by the invention ensures that a software program has not been modified. Embodiments of this method include the following steps: computing a non-aliasing hash function value on the content of the software program, then comparing it with a previously stored hash value and determining whether the results are identical, which indicates whether the software program has been modified. In one version of this method, the operating system computes the non-aliasing hash function value and the software program is the monitoring program.
Likewise, a method provided by the invention can ensure that data have not been modified. This method computes a non-aliasing hash function value on the content of the data and then compares it with a previously stored hash value. In this method, the monitoring program preferably computes the non-aliasing hash function value, and the data are data used by the monitoring program.

Overview of the operation of the above embodiments of the invention
Before the detailed description of the above embodiments, an overview of the general high-level operation of the various embodiments of the invention is given here to help the reader understand some of the more complex content of the embodiments.
As described in the embodiments above, each entity of a vendor's specific software is represented by a unique, unforgeable label. All entities of the same software, however, are identical and unencrypted; each consists of a copy of the specific software and perhaps also includes the name of the software. For example, an entity of the specific application software Spread comprises the program code of the spreadsheet application and the title "Spread". Because the invention requires no special hardware device, software entities of any kind can be placed and used on a common device or on different devices.
The software vendor produces a number of entities (copies) of specific software and sends one entity of the software to the tag server, together with a request for a certain number of labels for this software. The tag server produces the requested number of distinct, unique labels. The vendor can attach each unique label to one entity of the software, so that each label uniquely identifies the software entity it is associated with. A user device receives a vendor's software entity and attempts to use it, and at the same time securely receives the label uniquely associated with that software entity.
The user device includes a monitoring program that runs on the device. It verifies the authenticity of the label associated with the software entity, stores the label in a label list on a storage device and, if the label is authentic, allows the software entity to be used. If the label associated with the entity is false, the monitoring program rejects the software entity. Each label in the label list has a state, such as "available", "deletion", or "pay by using"; these states are associated with the labels by the monitoring program. The monitoring program detects the device's commands to use the software entity and verifies whether the current state associated with the label for that software entity allows the entity to be used.
Securely transmitting or receiving data, or an object containing data, means that during sending and receiving the data, or the data contained in the object, cannot be modified by anyone or revealed to anyone other than the sender and the recipient. For example, the vendor may send a label to a user device securely over a network by using IETF IPSEC or NETSCAPE SSL or any other secure communication protocol, or the vendor may give the user a disk sealed in an anti-tamper envelope. The invention uses secure communication to protect sensitive information from exposure to eavesdroppers; secure communication is not part of the protection mechanism of the invention. Any standard secure communication protocol can serve this purpose.
As mentioned in the embodiments above, the label that the tag server creates for a software entity contains the name of the software, the unique identification number of the software entity (hereinafter referred to as the instance number), a hash function value based on part of the content of the software entity, and a hash function value that combines all of the above data. The instance number used by the invention may be an integer or any sequence of symbols, the sequence serving as a unique identifier. Optionally, the tag server may sign the last hash function value mentioned above and include the signature in the label.
A label that includes a signature is referred to here and below as a signed label. A label that does not include a signature is referred to as an unsigned label. When preparing an unsigned label for entity INST_SW of software SW, the tag server selects for the entity, from within a secure sparse group (hereinafter referred to as the secure sparse group), a unique identification number associated with the software SW. The numbers in the secure sparse group may, for example, be produced by a physical process.
To decide whether the label associated with software entity INST is authentic, the monitoring program on the device that installs or uses entity INST extracts from the label the instance number NUM_INST of entity INST and the name of the software. The monitoring program computes a hash function value on certain specified portions of the content of software entity INST. The monitoring program then computes a hash function value over the combination of the instance number NUM_INST, the name NAME_SW, and the previously computed hash function value, and compares the result with the hash function value found in the label. The monitoring program must also verify any digital signature that is part of a signed label. The authenticity of an unsigned label is checked further by the monitoring program: before allowing the first or any subsequent use of the associated software entity, it securely sends the label to the tag server or the monitor center (described below) for authenticity verification.
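The label computation and the monitoring program's check described above, for an unsigned label, can be sketched as follows. This is an added example, not code from the patent; SHA-256, the hashed portions, the length-prefixed field encoding and the 128-bit random instance number are assumptions, the signature step is left out, and the program image is constructed sample data.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumption: the "specified portions" of the content, as (offset, length) pairs.
HASHED_PORTIONS = ((0, 64), (192, 64))


def _field(data: bytes) -> bytes:
    """Length-prefix a field so adjacent fields cannot be re-split after
    concatenation (name "Spread1" + number "23" vs "Spread" + "123")."""
    return len(data).to_bytes(4, "big") + data


def content_hash(content: bytes) -> bytes:
    """First hash: computed over the specified portions of the software content."""
    h = hashlib.sha256()
    for offset, length in HASHED_PORTIONS:
        h.update(_field(content[offset:offset + length]))
    return h.digest()


def combined_hash(name: str, instance_number: str, first_hash: bytes) -> bytes:
    """Second hash: binds the name, the instance number and the first hash."""
    h = hashlib.sha256()
    for part in (name.encode(), instance_number.encode(), first_hash):
        h.update(_field(part))
    return h.digest()


@dataclass(frozen=True)
class Label:
    name: str
    instance_number: str
    combined: bytes  # the second hash function value


def create_label(name: str, content: bytes) -> Label:
    """Tag-server side: choose an instance number and build an unsigned label."""
    # 128 random bits, so issued numbers are sparse among all possible values.
    instance_number = secrets.token_hex(16)
    first = content_hash(content)
    return Label(name, instance_number, combined_hash(name, instance_number, first))


def verify_label(label: Label, content: bytes) -> bool:
    """Monitoring-program side: recompute both hashes from the installed
    content and compare with the value carried in the label."""
    expected = combined_hash(label.name, label.instance_number, content_hash(content))
    return hmac.compare_digest(expected, label.combined)


def sample_content(n: int = 256) -> bytes:
    """Constructed stand-in for a program image."""
    return bytes((i * 37 + 11) % 256 for i in range(n))


if __name__ == "__main__":
    image = sample_content()
    label = create_label("Spread", image)
    print(label.instance_number, verify_label(label, image))
```

Only the hashed portions are bound to the label: a change at offset 100 of the sample image alters neither hash, so the portions must cover everything that is meant to be fixed.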
As mentioned above, the system also includes a monitor center, which contains a database of labelled software and a verification program. The monitor center communicates with user devices periodically through the calling procedure and receives all labels for each software entity installed on the user device. The verification program checks each label received from the user device against the registration database to ensure that the label complies with at least one usage monitoring rule. The verification program returns a continuity message to the user device; the continuity message indicates the next action to follow on access to the software entity associated with each label on the user device.
The usage monitoring rules can be associated with a single software entity that is associated with at least one label, with the whole user device that communicates with the monitor center, or with an individual user of the user device that communicates with the monitor center.
In the labelled-software database, the monitor center maintains a tag data structure for each label of each software entity on each user device. Each tag data structure contains the label of the software entity, the name of the software entity, the unique number of the software entity, the hash function value of the software entity, the rules associated with the software entity, and a series of call records associated with the software entity. Each call record in this series represents information about one calling procedure and contains the call time, the label list header sent to the monitor center during the calling procedure, the last call time indicating the timestamp of the preceding calling procedure, the hash value of the label list sent to the monitor center during the calling procedure, and the action that the continuity message associated with the calling procedure requires the user device to carry out. Using these mechanisms, the monitor center can track usage statistics of software entities for certain purposes (for example, payment according to use of the entity).
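One calling procedure from both sides, as an added example that is not code from the patent: the monitor center checks the received label list against its database, keeps a call record with the fields listed above, and returns a continuity message that the device accepts only if it names this device and encodes the header sent in this call. The usage monitoring rule (a label is bound to the first device that reports it), the action names, the "disabled" state and the JSON encoding are assumptions; the secure channel is taken as given.

```python
import hashlib
import json


def digest(obj) -> str:
    """Assumed encoding: SHA-256 over canonical JSON."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class MonitorCenter:
    def __init__(self, issued_labels):
        # Labelled-software database: label -> device that first reported it.
        self.first_device = {label: None for label in issued_labels}
        self.call_records = []

    def call_up(self, device_id, header, label_list, now):
        actions = {}
        for label in label_list:
            if label not in self.first_device:
                actions[label] = "disable"      # never issued by the tag server
            elif self.first_device[label] in (None, device_id):
                self.first_device[label] = device_id
                actions[label] = "continue"
            else:
                actions[label] = "disable"      # already bound to another device
        self.call_records.append({
            "call_time": now,
            "header": dict(header),
            "last_call_time": header["last_call"],
            "label_list_hash": digest(sorted(label_list)),
            "actions": actions,
        })
        # Continuity message: monitoring program id, time, header encoding, actions.
        return {"monitor_id": device_id, "time": now,
                "header": digest(header), "actions": actions}


class UserDevice:
    def __init__(self, device_id, labels):
        self.device_id = device_id
        self.label_list = {label: "available" for label in labels}
        self.header = {"table_id": "table-" + device_id, "last_call": 0}

    def perform_call_up(self, center, now):
        sent_header = dict(self.header)
        message = center.call_up(self.device_id, sent_header, list(self.label_list), now)
        self.apply(message, sent_header)
        return message

    def apply(self, message, sent_header):
        """Accept a continuity message only if it answers this device's own call."""
        if message["monitor_id"] != self.device_id:
            raise ValueError("continuity message is for another monitoring program")
        if message["header"] != digest(sent_header):
            raise ValueError("continuity message does not match the header sent")
        if message["time"] <= sent_header["last_call"]:
            raise ValueError("continuity message is older than the last call")
        for label, action in message["actions"].items():
            if label in self.label_list:
                self.label_list[label] = "available" if action == "continue" else "disabled"
        self.header["last_call"] = message["time"]

    def may_use(self, label):
        return self.label_list.get(label) == "available"


if __name__ == "__main__":
    center = MonitorCenter(["L-1", "L-2"])          # constructed labels
    first = UserDevice("dev-A", ["L-1", "L-9"])     # L-9 was never issued
    second = UserDevice("dev-B", ["L-1", "L-2"])    # L-1 is a copied label
    first.perform_call_up(center, now=100)
    second.perform_call_up(center, now=110)
    print(first.label_list, second.label_list)
```

Because the header carries the last call time, a continuity message saved from an earlier call no longer matches the header of the current one and is rejected.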
According to another aspect of the invention, unlabelled software entities may be installed on the user device. The defence program detects an unlabelled software entity, carries out fingerprint processing on it, and stores the resulting fingerprints in the fingerprint table on the user device. The monitor center and the user device communicate periodically through the calling procedure, in which the monitor center receives from the user device the fingerprints of each unlabelled software entity installed on the user device. The verification program checks each fingerprint from the user device against the fingerprint database and determines whether the unlabelled software entity is an infringing software entity. In this way, the invention can detect the use of modified software (illegal copies).
If the verification program detects that a fingerprint in the fingerprint database matches one of the fingerprints from the user device, the verification program specifies the punitive action to be carried out and then returns a continuity message to the user device. In this case, the continuity message indicates the punitive action that the user device is to carry out. Thus, for example, if unlabelled infringing software is used on a user device, the user device can be disabled.
Alternatively, the punitive action may specify that use of the unlabelled software entity associated with the fingerprint that matched a fingerprint in the fingerprint database be prohibited.
To obtain fingerprints at the monitoring server, the software vendor sends the infringing entity of unlabelled software to the monitor center; the monitor center computes fingerprints on the copy of this infringing entity and stores these fingerprints in the fingerprint database.
Another embodiment of the invention provides an encoded label list data structure stored on a computer read-only medium. The label list structure contains at least one label that uniquely identifies a software entity and at least one field associated with the label in the label list. This field indicates the usage monitoring state of the software entity identified by the label, and may also indicate usage statistics for the software entity identified by the label. The label list data structure may also include a label list header, which uniquely identifies the label list and uniquely associates the label list with the user device. The label list header contains information about the user device's usage statistics and a continuity message. The continuity message indicates the punitive action and the usage monitoring state of the software entity associated with the label.
As one aspect of the invention, the software vendor includes a software development mechanism that creates software entities having a software name and content. Each software entity can be run only together with the label that uniquely identifies it. A label is a unique, unforgeable collection of information about the software entity associated with it, and includes the name of the software, the unique number of the software entity, and the hash value of the software content. The software vendor also includes an infringing-software detection mechanism that detects software entities that infringe intellectual property rights. The software vendor transmits the infringing software entity to the monitor center so that attempts to use it can be detected by carrying out usage monitoring.
An alternative embodiment of the present invention provides a software vendor that produces at least one software entity in which a device identifier is incorporated in a test. The test would be an "if statement" in a typical programming language. The test compares the incorporated identifier with the identifier of the device on which the software entity is to be used. If the incorporated identifier equals the device identifier, the software entity can be used normally; otherwise the monitoring program on the device carries out a punitive action. For further protection, a digital signature of the hash value of the software entity (including the incorporated identifier) is sent; a second test determines whether this digital signature is authentic, and a third test then determines whether the signed value is identical to the hash value of the software entity. If they differ, the monitoring program on the device carries out a punitive action.
As described in the sections on the structure of the above embodiments, a subscriber equipment is provided, comprising an input that receives a software entity, securely receives the label associated with this software entity, and receives attempts by a user on the subscriber equipment to access the software entity. A processor on the subscriber equipment executes a defence program. The defence program detects the attempt to access the software entity and verifies the label associated with the software entity before allowing the user on the subscriber equipment to access it. The defence program determines when a calling procedure (defined by the calling rules) is required. The defence program then carries out the calling procedure to update the state of the labels stored in the label list. In the calling procedure, the defence program securely transmits the label list on the subscriber equipment through an interconnection mechanism coupled to the subscriber equipment and waits for a continuity message to be returned to the subscriber equipment; the continuity message indicates, for each label in the label list, the action that needs to be carried out. In this implementation, the subscriber equipment does not need to set the usage monitoring rules itself; instead, the rules applicable to all devices are maintained centrally.
For an unlabelled software entity on the subscriber equipment, the defence program detects the unlabelled software entity, carries out fingerprint processing on it, and stores the fingerprints obtained in a fingerprint table on the subscriber equipment. For unlabelled software, in the calling procedure the defence program transmits the fingerprint table on the subscriber equipment through the interconnection mechanism coupled to the subscriber equipment and waits for a continuity message to be returned to the subscriber equipment; the continuity message indicates, for each unlabelled software entity stored on the subscriber equipment, the action that needs to be carried out.
For unlabelled software, the verification program in the monitor center periodically carries out the calling procedure to receive the fingerprints of unlabelled software entities through the interconnection mechanism. The verification program checks the received fingerprints against the fingerprint database to determine whether an unlabelled software entity is an infringing software entity and, if so, the verification program prepares a punitive action for the subscriber equipment. If the verification program finds that a fingerprint in the fingerprint database matches a received fingerprint, the verification program specifies the action to be carried out and sends a continuity message to the subscriber equipment. The continuity message indicates the action to be carried out on the subscriber equipment that receives it.
Another embodiment of the present invention provides a certificate server that accepts a software entity and produces a plurality of labels (one label per software entity). Each label uniquely identifies its associated software entity, and each label comprises encoded information relating to the name of the software entity associated with the label, the unique number of the software entity associated with the label, and a hash value calculated on the software entity associated with the label.
In the method for controlling access to software, a step of creating a software entity is carried out. A label uniquely associated with the software entity is then created. The software entity and the label are subsequently sent to the subscriber equipment. The method next detects use of the software entity on the subscriber equipment and determines whether access to the software entity is valid by determining the state of the label associated with the software entity being accessed.
To create a label, the method assigns a unique number to the software entity and calculates a first hash value from the content of the software entity. A second hash value is then calculated for the software entity. The second hash value covers the name of the software, the unique number of the software entity, the content of the software entity and the first hash value. Finally, the method calculates the label uniquely associated with the software entity; this label comprises the name of the software, the unique number of the software entity and the second hash value.
The step of calculating the label may create a digitally signed label by applying a digital-key signature function to the second hash value to produce a signed hash value and including it in the label. Labels can then be distributed securely. Public-key encryption technology can be used to distribute labels securely to the software vendor and the subscriber equipment.
Software is distributed by obtaining the software entity on the subscriber equipment and obtaining the label associated with the software entity on the subscriber equipment in a secure manner. The subscriber equipment can determine whether the label associated with the software entity is signed and, if so, can verify the signed hash value in the label; if the verification passes, the subscriber equipment can install the software.
To detect attempts to access a software entity on the subscriber equipment, the method of the present invention includes activating a defence program on the subscriber equipment that intercepts user requests to access the software entity. To determine whether an attempt to access the software entity is valid, the method determines whether a calling procedure is required under the calling rules. The method carries out the calling procedure to verify authenticity, determine the usage rules of the label associated with the software entity, and update the label information on the subscriber equipment according to the result of the calling procedure. The status information associated with the label is checked on the subscriber equipment to determine whether access to the software entity associated with the label is valid; in this way the software is protected.
In the calling procedure, the label list storing the labels associated with software entities is transmitted from the subscriber equipment, and the subscriber equipment waits for a continuity message to be returned to it; the continuity message indicates the action to be carried out for each label in the label list.
The monitor center receives the label list containing the labels associated with software entities and checks each received label in the label list against the marked-software database to ensure that the labels in the label list comply with at least one usage monitoring rule. When an attempt to use the software entity associated with each label is detected, the monitor center sends a continuity message, which indicates the action to be carried out on the subscriber equipment.
Other embodiments of the present invention include a computer-readable medium encoded with the above processes, and also a propagated signal transmitted over a carrier medium, the signal carrying the encoded label list data structure described above.
Using these mechanisms, the system of the present invention allows the legitimate agent/owner of a copyright to monitor their rights in software entities. If an agent finds that its copyright has been infringed, for example by a software entity that is illegal, stolen, reverse-engineered, altered or decompiled so that it is essentially similar in operation to software the agent produces, the system can monitor illegal copies of that software.
The system of the present invention at the same time protects legitimate use of software against denial of service attempted dishonestly by a party that creates a false appearance regarding use of the software.
The present invention likewise allows pay-per-use statistics to be tracked on each subscriber equipment for purchased copyrighted software. In the calling procedure, the monitor center can determine the usage statistics of pay-per-use software entities and can provide usage information to the software vendor for billing.
As described above, the system comprises a monitor center having a marked-software database and a verification program. Each subscriber equipment must communicate with the monitor center periodically through a calling procedure and, for each entity of the agent's software that has been installed or used on the equipment since the previous calling procedure, securely transmit the label associated with that entity. Additional data from the label list, possibly including the entire label list, may also be sent securely to the monitor center by the monitoring program during the calling procedure. A calling procedure may be initiated by either the monitor center or the subscriber equipment. The verification program of the monitor center authenticates each label it receives from the subscriber equipment.
In essence, the verification program checks each label and its associated data from the subscriber equipment against the marked-software database to authenticate it, and ensures that the label complies with at least one usage monitoring rule applicable to the software entity associated with the label. For example, the verification program may check whether a label received in a calling procedure, which has been in a usable state in the label list of the calling device since the previous call from the same monitoring program, also appears in a usable state in the label list of another device; such a situation may violate a usage monitoring rule. The verification program securely returns a continuity message to the subscriber equipment, and at the same time updates the marked-software database with the labels and related information received in the calling procedure.
When an unsigned label is created for a software entity, the tag server securely sends this label to the monitor center, and the verification program of the monitor center stores the received label in the marked-software database.
In another implementation, the tag server sends all newly created labels to the monitor center, and the verification program of the monitor center stores each received label in the marked-software database. When the monitor center receives a label from a subscriber equipment in a calling procedure, the verification program authenticates the label by searching for it in the marked-software database; if it is not found and the label is an unsigned label, the monitor center concludes that the label is not authentic. If the label is a signed label, the verification program either finds it in the marked-software database, or verifies that the label has the correct format and then verifies the digital signature in the label.
The continuity message that the monitor center sends to the subscriber equipment is signed by the monitor center and contains identification information such as a timestamp, a hash function value of the label list and other data that came from the monitoring program of the subscriber equipment in the calling procedure. In addition, the continuity message contains commands to the monitoring program on the subscriber equipment, referred to hereafter as actions.
Examples of actions used by the present invention include, but are not limited to, instructing the monitoring program to: (1) allow continued use of a software entity; or (2) refuse use of a software entity for a specified period; or (3) refuse use or installation, for a specified period, of software entities having a given name or a given list of fingerprints; or (4) disable the user's equipment for a specified period. Actions of types (2) to (4) are sometimes also called punitive actions.
In the calling procedure, when the monitoring program on the subscriber equipment receives a continuity message from the monitor center, the monitoring program checks the digital signature of the monitor center. The monitoring program further checks whether the continuity message belongs to the current device's call, by comparing the hash function value or other data in the continuity message with the hash function value of part of the content of the device's label list, or with the hash function value of the label list or other data in the label list.
If the signature is verified as authentic and the comparison yields a match, the monitoring program accepts the continuity message as the monitor center's reply to the current calling procedure. The monitoring program then stores the continuity message in the label list, updates the states of the labels, and carries out the actions or punitive actions that appear in the continuity message.
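The acceptance check described above can be sketched as follows; this is an added example, not code from the patent. HMAC-SHA256 stands in for the monitor center's digital signature, and the field names, action names, key and sample label list are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 stands in for the monitor center's digital
# signature; with a real public-key signature the device would hold only the
# verification key and could not produce messages itself.
CENTER_KEY = b"constructed-demo-key"

# Constructed sample: a device label list with a header and two labels.
SAMPLE_LIST = {
    "header": {"device": "device-0001", "calls": 7},
    "labels": [
        {"number": 1001, "name": "editor", "state": "usable", "uses": 12},
        {"number": 1002, "name": "solver", "state": "usable", "uses": 3},
    ],
}


def canonical(obj):
    """Serialise deterministically so both sides hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def label_list_hash(label_list):
    return hashlib.sha256(canonical(label_list)).hexdigest()


def sign(body):
    return hmac.new(CENTER_KEY, canonical(body), hashlib.sha256).hexdigest()


def center_reply(label_list, timestamp, actions):
    """Monitor center: bind the reply to the label list received in this call."""
    body = {
        "timestamp": timestamp,
        "label_list_hash": label_list_hash(label_list),
        "actions": actions,  # label number (as text) -> action
    }
    return {"body": body, "signature": sign(body)}


def device_accept(message, label_list):
    """Monitoring program: accept the message only as the reply to this call.

    Returns a new label list with updated states and the message stored in its
    header; raises ValueError if the message must be rejected.
    """
    body = message["body"]
    if not hmac.compare_digest(sign(body), message["signature"]):
        raise ValueError("signature not authentic")
    if not hmac.compare_digest(body["label_list_hash"],
                               label_list_hash(label_list)):
        raise ValueError("not the reply to the current call")
    updated = {"header": dict(label_list["header"]), "labels": []}
    for entry in label_list["labels"]:
        action = body["actions"].get(str(entry["number"]))
        if action is None:
            # Fail closed: every label must have an action in the reply.
            raise ValueError("no action for label %d" % entry["number"])
        state = "usable" if action == "continue" else "denied"
        updated["labels"].append({**entry, "state": state})
    updated["header"]["continuity_message"] = message
    return updated
```

Because the signed body carries the hash of the label list sent in this call, a continuity message saved from an earlier call no longer matches once any usage counter in the list has changed.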
A usage monitoring rule may relate to a single labelled software entity, to specified software, to a type of software, to an entire subscriber equipment that communicates with the monitor center, or to an individual user of a subscriber equipment that communicates with the monitor center.
Examples of usage monitoring rules defined by the agent of a software entity include, but are not limited to, the following and combinations of them. A software entity that has once been used on one subscriber equipment cannot be used on another subscriber equipment. A software entity cannot be in use, or in a usable state, on two subscriber equipments at the same time. A software entity can be in use, or in a usable state, only on specified subscriber equipments at the same time. A software entity cannot be used after a specified time. A software entity can be used only after the pay-per-use fee has been paid into a specified account.
With respect to the use of an entity or of a class of software entities, the method and apparatus of the present invention make it possible to enforce any usage monitoring rule defined by an agent or an association.
The monitor center maintains in the marked-software database a label data structure for each individual label (associated with some software entity on some subscriber equipment); the label data structure is associated with the label itself and is independent of any particular subscriber equipment that transmits the label to the monitor center in a calling procedure. Each label data structure comprises the label of the software entity, the name of the software (a software entity being one copy of the software), a hash function value of the content or partial content of the software entity, the usage monitoring rules associated with the software entity, and a set of references to call records or a set of call records associated with the software entity. Each call record in this set represents information about one calling procedure and may include the time of the call, the label list header or other identification information sent to the monitor center in the calling procedure, a timestamp indicating the time of the previous calling procedure, the hash function value of the label list sent to the monitor center in the calling procedure, and the continuity message sent to the monitoring program on the subscriber equipment in the calling procedure.
Using the data collected and stored during calling procedures, the monitor center can compile usage statistics for each software entity and provide statements of charges for pay-per-use software entities.
An unlabelled software entity may be installed or used on the subscriber equipment. The monitoring program detects that the entity is unlabelled, calculates fingerprints of selected parts of the unlabelled software entity, and stores these fingerprints in the fingerprint table on the subscriber equipment. According to this aspect, the monitor center includes a fingerprint data structure. In the calling procedure with the subscriber equipment mentioned above, the monitor center receives from the subscriber equipment all the fingerprints of each unlabelled software entity installed on it. The verification program compares each fingerprint received from the subscriber equipment with its fingerprint data structure to determine whether an unlabelled software entity on the subscriber equipment is an infringing software entity. In this way the present invention can detect that a software entity in use is a pirated copy of the agent's software from which the label has been removed, or a derivative of a pirated copy of the agent's software.
If the verification program detects that the number of matches between fingerprints in the monitor center's fingerprint data structure and fingerprints received from the subscriber equipment exceeds a specified number, the verification program specifies an action of a punitive nature and then returns a continuity message to the subscriber equipment. Under such a punitive action, if the monitor center finds that the subscriber equipment is using unlabelled infringing software, the subscriber equipment may be disabled for a period of time.
In another example, if a fingerprint of an unlabelled software entity matches a fingerprint in the monitor center's fingerprint data structure, the punitive action may specify that this software entity be disabled.
The fingerprint data structure at the monitor center is built after a software vendor (having detected the distribution of infringing software or its use as unlabelled software) sends a copy of the infringing software to the monitor center. The monitor center calculates fingerprints from parts of the content of this copy and stores them, combined, in the fingerprint data structure.
Protection of the agent's rights in its software against infringement is also provided by calculating fingerprints of selected parts of any software entity on the subscriber equipment, whether labelled or unlabelled, and storing these fingerprints in the fingerprint table of the equipment. As before, in the calling procedure the monitoring program of the equipment transmits the fingerprints in the fingerprint table to the monitor center, and the verification program of the monitor center searches for matches between the received fingerprints and the monitor center's fingerprint data structure. This aspect of the invention protects the rights of the legitimate agent chiefly against a pirating agent that makes an infringing version of the legitimate agent's software and distributes labelled entities of that infringing software.
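The fingerprint comparison described in the preceding paragraphs, as an added example rather than the patent's own procedure. The page does not fix how the selected parts are chosen, so the fixed-size windows taken at every offset, SHA-256, the action names, the threshold of 50 and the sample data are all constructed assumptions.

```python
import hashlib

WINDOW = 16  # bytes per selected part (assumed; the page does not fix a size)

# Constructed sample data.
INFRINGING = bytes(range(256))                       # copy sent in by a vendor
DERIVED = b"PATCHED!" + INFRINGING[:120] + b"xx" + INFRINGING[130:]
UNRELATED = b"unrelated program text " * 12


def fingerprints(content):
    """Hash every WINDOW-byte part of the content, at every offset.

    Taking all offsets keeps matches stable when bytes are inserted or
    removed elsewhere in a derived copy.
    """
    return {
        hashlib.sha256(content[i:i + WINDOW]).hexdigest()[:16]
        for i in range(len(content) - WINDOW + 1)
    }


def build_fingerprint_database(infringing_copies):
    """Monitor center: fingerprints of copies sent in by software vendors."""
    return {name: fingerprints(data) for name, data in infringing_copies.items()}


def check_fingerprint_table(fingerprint_table, database, threshold):
    """Verification program: choose an action for each unlabelled entity.

    An entity draws a punitive action when its number of matches against any
    one infringing sample exceeds the specified number.
    """
    actions = {}
    for entity, device_fps in fingerprint_table.items():
        best = max(
            (len(device_fps & known) for known in database.values()),
            default=0,
        )
        actions[entity] = "deny_use" if best > threshold else "continue"
    return actions


def demo():
    database = build_fingerprint_database({"infringing-sample": INFRINGING})
    # Fingerprint table as the device would send it in a calling procedure.
    table = {
        "derived.bin": fingerprints(DERIVED),
        "editor.bin": fingerprints(UNRELATED),
    }
    return check_fingerprint_table(table, database, threshold=50)
```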
The label list data structure is encoded and stored on a computer-readable medium accessible to the subscriber equipment. If any labelled software has been installed on the equipment or used by it, the label list data structure comprises at least one label, which is uniquely associated with a software entity, and at least one field in the label list associated with the label. This field indicates the usage monitoring state of the software entity associated with the label, and may also contain usage statistics for that software entity. The label list data structure may also comprise a label list header, which uniquely identifies the label list and associates it with a subscriber equipment or with the monitoring program on the subscriber equipment. The label list header comprises information relating to the user's usage statistics and a continuity message. The continuity message indicates possible actions and the usage monitoring state of the software entities associated with the labels.
The software vendor provides a software development process that creates entities of software (having a name and software content). Each entity of the agent's software can be accessed and used only in combination with the unique label associated with that software entity. A label is a unique set of information that cannot be forged and that relates to the software entity associated with the label. The label comprises the name of the software, the unique identification number of the software entity and a hash function value of part of the software content. The software vendor also includes an infringing-software detection mechanism, which detects software entities that infringe the agent's intellectual property or rights. The software vendor sends the infringing software entity to the monitor center so that attempts to use and access the infringing software can be detected; if they are detected, the monitor center imposes a punitive action on the subscriber equipment concerned.
The subscriber equipment comprises an input port that receives a software entity and the label uniquely associated with it. The equipment also receives requests to install and use the software entity. A processor on the subscriber equipment executes the monitoring program. The verification program detects attempts to install and use the software entity and, before allowing the software entity to be installed and used, verifies the authenticity of the label associated with the software entity or verifies the state associated with that label. From time to time, the monitoring program determines, as defined by the calling rules, that a calling procedure is required; it carries out the calling procedure to update the state of the labels stored in the label list.
In the calling procedure, the monitoring program securely transmits the label list on the subscriber equipment through the interconnection mechanism coupled to the subscriber equipment and waits for a continuity message to be returned to the subscriber equipment; the continuity message indicates the next action for each label in the label list. In this case, the subscriber equipment does not need to be concerned with setting usage monitoring rules; it only needs to carry out the usage monitoring rules issued by the agent for the equipment in general or for the agent's software entities.
A calling rule enforced by the monitoring program of the subscriber equipment may relate to the equipment itself, to a specific software entity on the equipment, or to a specific user of the equipment. Examples of calling rules include, but are not limited to, the following. The latest time for the subscriber equipment's next call may be determined by a combination of the time elapsed since the last call, the number of times the equipment has been switched on since the last call, and the total time the equipment has been used since the last call. Similarly, for a call associated with a label or with the software entity associated with that label, the latest time for the next call may be determined by a function of the time elapsed since the last call, the number of times the software entity has been used and the total time the software entity has been in use. Another calling rule associated with a software entity may specify that a call be carried out each time an attempt is made to use the software entity on the subscriber equipment.
The present invention forces the behaviour of the subscriber equipment and its monitoring program to comply with the calling rules that apply to the subscriber equipment or to any label in the device's label list: if the equipment fails to call the monitor center and receive a continuity message from it before the latest time for a call specified by the calling rules, the monitoring program carries out a specified punitive action. The present invention ensures that, during a calling procedure, the monitoring program of the subscriber equipment accepts a message as the continuity message for the current call only if that message was in fact sent by the monitor center as the continuity message for that call. This is achieved by having the monitor center sign its continuity messages and include in each continuity message identification data that uniquely links it to the current call of the user's monitoring program; as explained earlier, the monitoring program verifies the signature and the identification data. These provisions of the invention prevent a user or subscriber equipment from circumventing the protection of the invention by not calling the monitor center as the calling rules require or by attempting to create and use an incorrect continuity message.
Examples of the punitive actions mentioned above that the monitoring program of the equipment carries out when the calling rules are not complied with include, but are not limited to, the following. The monitoring program may prohibit the equipment, for a period of time, from any activity other than carrying out a calling procedure. If the calling rule violated is one associated with a software entity, the equipment may disable use of that software entity for a period of time.
For an unlabelled software entity installed or used on the subscriber equipment, the monitoring program carries out a fingerprinting process on it and stores the resulting fingerprints in the fingerprint table on the subscriber equipment. For unlabelled software, during the calling procedure the verification program transmits the fingerprint table on the subscriber equipment to the monitor center through the interconnection mechanism and waits to receive a continuity message from the monitor center; the message indicates the action to be carried out for the unlabelled software entities stored on the subscriber equipment.
For unlabelled software, the monitoring program of the subscriber equipment periodically carries out the calling procedure to send the fingerprints of unlabelled software entities through the interconnection mechanism. This calling procedure may be initiated by the monitoring program of the subscriber equipment. The verification program of the monitor center checks each received fingerprint against the monitor center's fingerprint data structure to determine whether an unlabelled software entity is an infringing software entity and, if so, the verification program prepares a punitive action for the subscriber equipment. For example, if the verification program detects sufficient matches between fingerprints associated with some specified software in the fingerprint data structure and fingerprints associated with an unlabelled software entity on the subscriber equipment, the verification program specifies the punitive action to be carried out and sends a continuity message to the subscriber equipment. The continuity message indicates the action to be carried out by the subscriber equipment that receives it.
The tag server described above typically receives a copy of specified software and produces a set of labels, one unique label for each entity of that software. Each label uniquely identifies its associated software entity; the information each label contains relates to the name of the software entity, the unique number of the software entity associated with the label, and a hash function value that combines the name of the software, the unique number of the software entity and a hash function value calculated from the software content associated with the label.
In the method for monitoring software use, the step of creating a software entity is carried out as described above. A label is then created that is uniquely associated with the software entity. The software entity and the label are then distributed to the subscriber equipment. The method then detects attempts to use the software entity on the user's equipment and decides whether the attempt to use the software entity is permissible by determining the state of the label associated with it.
To create a label, the method assigns a unique number to the software entity and calculates a first hash function value from the content of the software entity. The method then calculates a second hash function value, which combines the name of the software, the unique number of the software entity and the first hash function value. Finally, the method generates the label uniquely associated with the software entity. This label comprises the name of the software, the unique number of the software entity and the second hash function value.
The step of creating the label may further produce a digitally signed label by applying a digital signature function to the second hash function value mentioned above and including the signed hash function value in the label.
Software and the label associated with the software entity are distributed by obtaining the software entity on the subscriber equipment. The subscriber equipment can determine whether the label associated with the software entity is signed and, if so, can verify the hash function value in the label and the signature in the label; if this verification passes, the subscriber equipment can install or use the software entity.
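The label construction and checks described above, as an added example that is not the patent's own code. It follows the variant in which the second hash combines the name, the unique number and the first hash; SHA-256, the length-prefixed field encoding, the function names and the sample content are assumptions, and the signature step is left out.

```python
import hashlib
import hmac

# Constructed sample content standing in for a software entity.
CONTENT = b"constructed software content v1.0"


def hash_fields(*fields):
    """SHA-256 over length-prefixed fields, so field boundaries are unambiguous."""
    digest = hashlib.sha256()
    for field in fields:
        digest.update(len(field).to_bytes(8, "big"))
        digest.update(field)
    return digest.digest()


def make_label(name, number, content):
    """Tag-server side: build the label for one software entity."""
    first = hash_fields(content)  # first hash: the entity's content
    second = hash_fields(name.encode(), number.to_bytes(8, "big"), first)
    return {"name": name, "number": number, "hash": second.hex()}


def label_matches_entity(label, content):
    """Device side: recompute the second hash from the entity actually present."""
    expected = make_label(label["name"], label["number"], content)["hash"]
    return hmac.compare_digest(expected, label["hash"])


def authentic_unsigned_label(label, marked_software_db):
    """Monitor-center side: an unsigned label is authentic only if the exact
    label was issued and stored in the marked-software database."""
    return marked_software_db.get(label["number"]) == label


def demo():
    issued = make_label("editor", 1001, CONTENT)
    database = {1001: issued}  # labels the tag server sent to the center
    # A label that is internally consistent but was never issued.
    never_issued = make_label("editor", 9999, CONTENT)
    return {
        "issued_on_device": label_matches_entity(issued, CONTENT),
        "modified_content": label_matches_entity(issued, CONTENT + b"patch"),
        "renumbered_label": label_matches_entity(dict(issued, number=1002), CONTENT),
        "never_issued_on_device": label_matches_entity(never_issued, CONTENT),
        "never_issued_at_center": authentic_unsigned_label(never_issued, database),
        "issued_at_center": authentic_unsigned_label(issued, database),
    }
```

The hash check on the device binds a label to one entity's content and number, but only the lookup at the monitor center (or a signature) shows that an unsigned label was actually issued.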
To detect attempts to access a software entity on the subscriber equipment, the method of the present invention includes activating a monitoring program on the subscriber equipment that intercepts user requests to use the software entity. To determine whether an attempt to access the software entity is valid, the method determines whether a calling procedure is required under the calling rules. The method carries out the calling procedure to verify authenticity, determine the usage monitoring rules of the label associated with the software entity, and update the label information on the subscriber equipment according to the result of the calling procedure. The status information associated with the label is checked on the subscriber equipment to determine whether use of the software entity associated with the label is permitted; in this way the software is protected.
In the calling procedure, the label list storing the labels associated with software entities is sent securely from the subscriber equipment to the monitor center, and the subscriber equipment waits for a continuity message to be returned to it; this continuity message indicates the action to be carried out for each label in the label list.
The monitor center receives the label list containing the labels associated with software entities and checks each received label in the label list against the marked-software database to ensure that the labels in the label list comply with at least one usage monitoring rule. When an attempt to use the software entity associated with each label is detected, the monitor center transmits a continuity message, which indicates the action to be carried out on the subscriber equipment.
Other embodiments of the present invention include a computer-readable medium encoded with the above processes, and also a propagated signal transmitted over a carrier medium, the signal securely carrying the label list data structure described above.
Use these mechanism, system of the present invention permission has the legal agent/owner of copyright to monitor their right aspect software entity. If the agent finds that its copyright is invaded, software entity illegal, that steal, reverse-engineering, change or decompiling for example, the software that it is made operating aspect and this agent in essence something in common arranged, this system can monitor the illegal copies of these softwares.
System of the present invention protects the legal use of software simultaneously, comes the party of unauthorized use of software to carry out denial of service for dishonest attempt by creating illusion.
The same pay-per-use statistics that allows to follow the tracks of at each subscriber equipment the software of having bought the following use copyright of the present invention. In calling procedure, monitor center can be judged the use statistics of the software entity of pay-per-use, and can provide use information for charging for the ageng merchant.
Brief description of the drawings
The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular description of preferred embodiments of the invention, as illustrated in the accompanying drawings, in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale; emphasis is instead placed on illustrating the principles of the invention.
Fig. 1 illustrates an information system configured according to one embodiment of the invention.
Fig. 2 illustrates a more detailed view of the information flow in a system configured according to one embodiment of the invention.
Fig. 3A is a flow chart, according to one embodiment of the invention, of the processing steps for creating a signed tag for a software instance.
Fig. 3B is a flow chart, according to one embodiment of the invention, of the processing steps for creating an unsigned tag for a software instance.
Fig. 3C is a flow chart, according to one embodiment of the invention, of the processing steps for creating an unsigned tag with fingerprints for a software instance.
Fig. 4 illustrates the architecture of a user device configured according to one embodiment of the invention.
Fig. 5 is a flow chart, according to one embodiment of the invention, of the steps performed to install vendor software on a user device.
Fig. 6 illustrates the contents of a tag table according to one embodiment of the invention.
Fig. 7 is a flow chart, according to one embodiment of the invention, of the processing steps performed to install untagged software on a user device.
Fig. 8 is a flow chart, according to one embodiment of the invention, of the high-level processing steps by which the system of the invention supervises software usage.
Fig. 9 illustrates the architecture of a monitor center configured according to one embodiment of the invention.
Fig. 10 illustrates, according to one embodiment of the invention, the contents of the record kept at the monitor center for a software instance.
Fig. 11 is a flow chart, according to one embodiment of the invention, of the processing performed by the monitor center when a vendor detects software that infringes the vendor's rights.
Fig. 12 is a flow chart, according to one embodiment of the invention, of the processing steps of the supervising program on the user device when it performs a call-up to the monitor center.
Figs. 13A and 13B are flow charts, according to one embodiment of the invention, of the steps of call-up processing performed by the monitor center.
Fig. 14 illustrates the data structures used in an embodiment of the invention in which call-ups take place without a monitor center.
Fig. 15 is a flow chart, according to one embodiment of the invention, of the processing steps of the supervising program on the user device for call-ups that take place without a monitor center.
Detailed description of the invention
Fig. 1 illustrates an example information system 109 configured according to the invention. Fig. 1 depicts the main components of the invention and describes in general terms how they operate together in the context of the invention. Information system 109 includes a communication network 100 that interconnects user devices 104 to 107, one or more software vendors 101, a tag server 102, and a monitor center 103 (one of each appears in this example embodiment). The purpose of the invention is to supervise the usage of information (not shown) and to prevent a user device from installing or using any information in a way that infringes the intellectual property rights or other rights of the owner or distributor of the information used with the assistance of user devices 104 to 107.
The invention supervises the use of information in order to protect intellectual property or other rights. The information may be any type of information represented electronically, magnetically, optically or otherwise. Examples of information are computer applications or programs, data, web pages, websites, downloadable applications (such as Java applets), electronic books, images, video, and music or other information recorded on compact disc, disk or tape. In general, the invention can supervise the usage of, and protect the rights in, any type of information used with the assistance of a computer or other device (for example, user devices 104 to 107), regardless of what the information is or on what physical medium it is stored or transmitted.
Any such information, and any other type of information that those skilled in the art would recognize as protectable by the invention, is referred to here and hereinafter as software. Any single copy of specific software, for example a copy of a particular application or a copy of a certain book or video, is referred to here and hereinafter as an instance of the software or a software instance. The owner, vendor or distributor of software is referred to here and hereinafter as a vendor or software vendor. Installing, using, executing, browsing, displaying, playing, viewing, printing, copying, transmitting or accessing an instance of software by or on a device is referred to here and hereinafter as use of the software instance.
A user device 104 to 107 may be any type of device that uses software, including, but not limited to, a computer system, a book reader, a music player (for example, a tape player, compact disc (CD) player or MiniDisc (MD) player), a video tape player, a digital video disc (DVD) player, or a special-purpose device. Any such device is referred to here and hereinafter as a user device or simply a device.
In a preferred embodiment of the invention, the user device (that is, one of 104 to 107) is a computer system and the information is computer application programs or data. The invention provides a mechanism to supervise the computer system user's usage of the software or data so as to protect the vendor's rights in the software.
Communication network 100 may be any type of communication mechanism that enables the components of the invention (101 to 107) to exchange information, for example messages or signals. Examples of communication network 100 are computer networks such as the Internet, the public switched telephone network (PSTN), wireless networks (that is, cellular networks), and other types of computer or information networks.
In the general operation of the invention, a software vendor 101, and possibly more than one vendor, produces and distributes software instances (not depicted in Fig. 1). Software instances can be installed or used on each user device 104 to 107. As an example, if the software is music on a tape, the tape can be installed on user device 105 (depicted in the figure as a tape player). Software can be transferred from software vendor 101 and installed on user devices 104 to 107 physically or manually (as in the case of a physical tape), or it can be distributed and installed electronically over communication network 100 using known data transmission mechanisms.
Tag server 102 is a computer system coupled to communication network 100 that creates or generates a tag (not depicted in Fig. 1) for each software instance. Typically, all instances of a given software are identical. Preferably, a single tag is associated with a single instance of the software produced by software vendor 101. Tag server 102 can preferably access the software created by software vendor 101 over a private communication path 108, and the tag is preferably created from the software content, the name, and other information (such as the instance number) generated by the tag server or provided by the vendor. Tag server 102 can also obtain the software to be tagged over communication network 100.
Alternatively, there may be a single software vendor 101 selling multiple instances of different software, and there may be a single tag server 102 and a single monitor center 103 for that vendor. Tag server 102 and monitor center 103 may be part of the software vendor (that is, included in the same computer system). Alternatively, there may be an association of software vendors 101 that relies on one or more shared tag servers 102 and monitor centers 103 to provide the service.
Once a tag has been created for a software instance, the tag is securely distributed to the one of user devices 104 to 107 on which the corresponding software instance for that tag is installed. Secure tag distribution preferably takes place electronically over communication network 100, for example using the IETF IPsec or Netscape SSL protocols to achieve secure communication. The system of the invention may also use manual secure tag distribution, an example of which is distributing the tag in tamper-proof packaging that contains the tag and possibly the associated software instance.
Once a software instance and its associated tag have been installed on a user device 104 to 107, the user of that device (not depicted) or the device itself can attempt to use the software. Before the software instance is allowed to be used, however, the supervising program on the user device verifies that a valid tag for the software instance requested by the user or device exists on the user device. Periodically, each device communicates with monitor center 103 over communication network 100 to ensure that all tags associated with software instances on the user device are valid and that their use complies with the usage supervision policy.
In other words, the invention ensures that use of a software instance on a device is tied to a valid corresponding tag, and that validity and usage are checked periodically through communication between the user device and the monitor center. An example of an enforced usage supervision policy is that a tag may appear on only one device. The tag processing (carried out between the user device and monitor center 103) that determines whether a user device 104 to 107 can use a software instance is referred to as a call-up.
Before embodiments of the invention are explained in further detail, Table 1 below provides a glossary to help in understanding the various elements of the invention.
Table 1: Definitions of terms

| Term | Definition |
| --- | --- |
| ACTIONS | Action instructions included in the continuation message CM. They describe which software on the device may be used and specify punitive actions for detected improper use of a vendor's software. |
| CALL-UP_POLICY_SW | Optional call-up policy associated with specific software SW or with a specific software instance INST_SW. The policy specifies when the device must perform a call-up procedure with the monitor center. |
| CM | Continuation message sent from the monitor center to the user device, indicating the current status of the usage permissions of the software instances on the device. |
| DEVICE IDENTIFIER | A means of identifying a device by a hardware identifier or by the supervising program identifier ID(SP). This identifier is used in embodiments in which each software instance incorporates a device identifier test. |
| FP(X) | The fingerprint computed on input string X by a fingerprint function (for example, a hash function). |
| GC | Monitor center. |
| HASH_INST_SW | The hash function value computed from HASH_SW, NAME, NUM_INST_SW and possibly other fields. |
| HASH_SW | The hash function value computed on the content of software SW. Every instance of software SW has the same HASH_SW value. HASH_SW is another notation for HASH(SW). Sometimes HASH_SW is the hash function value of part of the content of the software. |
| ID(X), ID(SP) | A unique identification number optionally associated with object X. For example, ID(supervising program) is the identification number of the supervising program, computed when the device is switched on for the first time by combining the time of the switch-on event with other possible information (including information provided by the monitor center and the values in one or more memory addresses). |
| INF_SW | An unauthorized copy or derived version of a vendor's software SW that infringes the vendor's intellectual property or other rights. It is assumed that the vendor has detected the distribution of the infringing software and has the legal right to stop its use. Infringing software includes software whose tags have been improperly deleted or modified or, where present, whose device identifier test has been modified. |
| INST_SW | A specific instance (copy) of specific software, chosen from the set of all instances of software SW. All instances of SW are identical. |
| NAME_SW | The name of specific software SW. |
| NUM_INST_SW | The unique number associated with a specific software instance INST_SW. The number may be any mixed sequence of digits, characters, letters or symbols, or take another form. The same generality applies to the identifier ID(X) above. |
| POLICY(TAG_INST_SW) or USAGE SUPERVISION POLICY | Rules specified by the software vendor or another body concerning restrictions on use and access rights with respect to intellectual property, or pay-per-use, for the software. The rules may depend on the specific software instance. POLICY(TAG_INST_SW) is enforced by the monitor center GC and the supervising program SP. |
| SP, SUPERVISING PROGRAM | Supervising program. A program integrated on the user device that provides the mechanism for usage supervision of the software instances on the user device. |
| PRIVATE_KEY_X | The private secret key that X uses to generate digital signatures. |
| PUBLIC_KEY_X | The public key used by a recipient of data purportedly digitally signed by X to check and verify the authenticity of the signature. |
| SIGN_TS | The digital signature of the tag server. |
| SIGN_X(M) | A digital signature on message M with the following properties: (1) only X can generate SIGN_X(M); (2) a recipient of the digital signature can verify that X signed M. |
| SPARSE_SET | A sparse, secure set of codes from which, in one embodiment, the unique instance codes for the instances of all software are selected. The codes may be produced by a physical process. |
| SPARSE_SET_SW | A sparse, secure set of codes from which, in one embodiment, the unique instance number NUM_INST_SW for an instance of specific software SW is selected. An instance X of software may therefore have the same instance number as software instance Y. The codes may be produced by a physical process. |
| SW | Specific vendor software protected by the invention, for example the code of the software named Spread. |
| TAG_INST_SW | The unique, unforgeable tag, signed or unsigned, associated with software instance INST_SW. |
| TAG TABLE | A table or file stored on the device, containing information about the tags associated with software instances and, in addition, information about the use or usage supervision of the software instances. |
| UNTAGGED_SW | Software that has no corresponding tag TAG_SW and that a user attempts to install and use on a user device, for example shareware, freeware or user-created software. |
| VRP | The verification program of the monitor center GC. |
Detailed explanation of technical terms of the invention
Certain embodiments of the invention are inherently complex. Additional definitions are therefore given below for some technical terms used in some of the embodiments:
1. Fingerprint or hash function F: a mathematical function that maps data X to smaller data F(X) such that if X and Y are equal, F(X) and F(Y) are very likely equal. As an example of a hash function, X may be a sequence of bytes and p a 64-bit prime number, preferably chosen at random and kept fixed thereafter. The byte sequence X is regarded as a number (written in base 256, each byte being one digit) and F(X) = X mod p (the remainder of X divided by p). The value of F(X) is therefore a 64-bit string, no matter how large X is.
2. Unaliasable hash function H: a fingerprint function with the further property that, given X, it is easy to compute H(X) but difficult to produce an X' different from X such that H(X) = H(X'). The term "difficult" means that, with present technology, the computing time required is generally considered to be exponential in the size of X or practically infeasible.
3. Use of a software instance: installing, using, executing, running, connecting to, browsing, retrieving from a storage medium or otherwise modifying a storage medium, displaying, playing, viewing, printing, copying, transmitting or accessing the software instance on a device.
4. Partial content of a software instance: all of the text or data of that instance, or a sequence of portions of the text or data of that software instance. The portions need not be adjacent and may overlap one another.
5. Fingerprint processing: given a sequence of addresses in a data array, computing some function of the values at those addresses. For example, if addresses 16, 32 and 64 hold the values 3, 4 and 17, fingerprint processing computes a function of 3, 4 and 17. The function may simply be the list of these values (three numbers in this example) or may be a hash function of the list of these values. In another example, the addresses may be i_1 to j_1, i_2 to j_2, and so on up to i_k to j_k. Fingerprint processing may then compute the hash function value of each of these k sequences in the array and list the k computed values.
6. Fingerprint checking: a method of comparing two sequences of fingerprints. The invention uses two kinds of fingerprint checking: same-location fingerprint checking and general fingerprint checking. In both forms, the list of fingerprints is computed from the values held at lists of addresses. For example, suppose a list holds three fingerprints f1, f2 and f3, where f1 is computed from the values at addresses 10, 20, 30 and 40, f2 from the values at addresses 30 and 60, and f3 from the values at addresses 100 and 200. We call this list the sent list. In both forms of fingerprint checking, the recipient of the sent list computes a list of fingerprints from the values at the same address lists. This list of fingerprints is called the received list.
In same-location fingerprint checking, a match is declared if each element of the sent list equals the corresponding element of the received list. That is, the first element of the sent list equals the first element of the received list, the second element of the sent list equals the second element of the received list, and so on in order.
In general fingerprint checking, a match is declared if the sent list and the received list have a sufficient number of identical elements, irrespective of address. What number is sufficient depends on policy considerations and on the length of the data text from which each fingerprint is taken; this length is defined by the parameter k. For example, if k is 50 bytes, then only a few matches, or a small number of them, may be enough to show that the device's list may represent the same software as a list in the monitor center's fingerprint data structure (Fig. 9, 137). Further, some matches carry more weight than others, so a smaller number of high-weight matches may be enough.
Besides the sent list of fingerprints, the sender may send the list of address lists from which the sent list was produced. This allows the fingerprint computation to depend on a random process that cannot be predicted in advance.
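The fingerprint function of definition 1 and the two checks of definition 6 can be exercised on a small array. The following Python sketch is an added example, not code from the patent: the prime P, the 256-byte sample array, the patched copy and the threshold passed to general_match are constructed for illustration, and the address lists are the ones used in the text.

```python
"""Fingerprint processing and the two fingerprint checks (constructed example)."""
from collections import Counter

# Assumption: a fixed 64-bit prime stands in for the randomly chosen p of
# definition 1. 2**64 - 59 is the largest prime below 2**64.
P = 2**64 - 59


def fingerprint(data: bytes) -> int:
    """F(X) = X mod p, reading the bytes of X as digits of a base-256 number."""
    return int.from_bytes(data, "big") % P


def values_at(array: bytes, addresses) -> bytes:
    """Collect the values at the given addresses, rejecting any address
    outside the array so a truncated copy cannot yield a shorter input."""
    for a in addresses:
        if not 0 <= a < len(array):
            raise IndexError(f"address {a} outside array of length {len(array)}")
    return bytes(array[a] for a in addresses)


def fingerprint_list(array: bytes, address_lists) -> list:
    """Fingerprint processing: one fingerprint per address list."""
    return [fingerprint(values_at(array, addrs)) for addrs in address_lists]


def same_location_match(sent, received) -> bool:
    """Same-location check: element i of one list must equal element i of the other."""
    return len(sent) == len(received) and all(s == r for s, r in zip(sent, received))


def general_match(sent, received, min_matches: int) -> bool:
    """General check: enough identical elements, irrespective of position.
    Counter intersection counts each fingerprint at most as often as it
    occurs in both lists, so repeats cannot inflate the score."""
    common = Counter(sent) & Counter(received)
    return sum(common.values()) >= min_matches


# Address lists from the text: f1, f2 and f3.
ADDRESS_LISTS = [[10, 20, 30, 40], [30, 60], [100, 200]]
# Constructed sample data: a 256-byte array and a copy with address 100 changed.
ORIGINAL = bytes(range(256))
PATCHED = ORIGINAL[:100] + b"\xff" + ORIGINAL[101:]


def demo() -> dict:
    sent = fingerprint_list(ORIGINAL, ADDRESS_LISTS)      # sender's list
    received = fingerprint_list(PATCHED, ADDRESS_LISTS)   # recipient's list
    return {
        "same_location": same_location_match(sent, received),
        "general_2_of_3": general_match(sent, received, 2),
        "general_3_of_3": general_match(sent, received, 3),
    }


if __name__ == "__main__":
    print(demo())
```

A single changed byte at one fingerprinted address defeats the same-location check, while the general check still reports a match at a threshold of two out of three.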
7. Unforgeability: a tag is unforgeable if it is computationally infeasible for an adversary to produce a valid tag without knowledge of the secret information that the tag server (Fig. 1, 102) uses to generate tags at a vendor's request. The invention uses digital signatures (Fig. 3A) and sparse sets (Figs. 3B and 3C) as two preferred methods of achieving tag unforgeability.
8. Secure transmission: a way of sending a value X so that only the intended recipient can see X, even though other agents may observe the network protocol or inspect the packets carrying X. Delivering a sealed letter by a reliable courier is one way of securely transmitting the contents of a letter. Sending a message using the IETF IPsec or Netscape SSL protocols to achieve secure communication is another way of ensuring secure transmission over a communication network.
9. Event history: a record of the times of all attempted uses, successful uses, intervals of use and/or other events, for example power-ons, associated with the tag table. It is unlikely that two devices will have identical event histories, even if they have the same software instances and the same identifiers. The event history may be based on a record over time of the use of a particular device by one or more users.
Return now the discussion chart, Fig. 2 has illustrated in more detail according to the present invention the architecture of the system 109 of configuration. Fig. 2 uses as outline, is the comprehensive description of whole operation of the present invention. Run through this and describe, have the more detailed chart of describing each aspect of the present invention and be cited.
In the operation of system 109, software entity (INST_SW) 111 to 114 (being labeled as SW1, SW2, SW3, SW4) is created and is stored in agent's memory by ageng merchant 101. May have more than an ageng merchant 101. Ageng merchant 101 example has publishing house's (creating reproducible performance disc or the read-only books of electronics), develop computer software person (establishment software application), Data Collection company (establishment information database), single programmer etc. The software (SW) that ageng merchant 101 produces has represented the software content (SW) of actual inclusion information, data or code. Software (SW) can have relevant title (NAME_SW), and typically, this title is distributed by ageng merchant 101. Each software entity (INST_SW) 111-114 can be thought the independently physical copy of denominative software. That is to say that each software entity (INST_SW) of specific software (SW) only is the copy with that software of same names (NAME_SW) and same code, data or out of Memory content.
As an example, if a word-processing application is created and give a name (NAME_SW) by ageng merchant 101 " Write ", binary system or executable code, data or other information that forms the Write program are term software (SW). Each single copy of Write software (SW) (for example, each disk comprises a copy of program) is the different entity (INST_SW) of that software but has same software content (SW). Therefore at Fig. 2, each entity 111-114 may comprise same software content (SW), in this case, each entity 111-114 can have identical title (NAME_SW), perhaps, each entity 111-114 may represent the copy (that is to say different data, code or out of Memory) of different software (SW) and the title (NAME_SW) of each entity 111-114 typically can be different.
Tag server (TS) 102 creates the unique label that can not forge (TAG-INST_SW) 120 according to user's request for each software entity 111-114. In preferred embodiment of the present invention, single unique label be prepare for software entity and it is relevant with this entity. In other embodiment, a plurality of unique labels may be relevant with a software entity, and still, preferably, two different software entitys can not be shared a common relevant label.
For the label of request to create, the software entity of the label that tag server TS102 (Fig. 1) be about to create for it obtains a copy of (Fig. 3 A, 3B, and 3C, step 150) each designated software. For example, it may have one " Write 7.2 " copy, Write 7.2 is version or formal issue versions of Write program family. In general, label 120 is unique, that can not forge and relevant with the specific software entity (INST_SW) (that is to say, among the 111-114 one) data bit sequence. As what be about to explain, according to embodiment of the present invention, subscriber equipment 104 can not use software entity 111-114 in the situation that does not at first check effective label 120 (111-114 is relevant with software entity).
The label 120 of software entity 111-114 preferably is stored in 210 li of label lists on the memory device 200 (being coupling in subscriber equipment 104 or the integration section of this equipment). Only have by reference the label 120 that be stored in label list 210 relevant with software entity (among the 111-114) to use that software entity 111-114 at subscriber equipment 104, and the label 120 that only has entity 111-114 to be correlated with has the usage state (the example label list in Fig. 6, secondary series indication usage state) that allows or use software entitys by subscriber equipment 104. That is to say that the software of some appointment comprises such indication, that is exactly that it only could move when the label of the entity of that software occurs. (piracy may be deleted this indication, in this case, and the protection mechanism of unlabelled software, hereinafter detailed annotation will be applied). With this form, by specifying relevant effective label to appear on the subscriber equipment 104 with software entity, various aspects of the present invention allow and provide the use of control software in some embodiment.
Just as will be further explained, the ability (establishment of tracing and managing label, validation verification and pressure) of the member according to the present invention in the system of configuration provides unique being better than the in the past advantage of system aspect the control of software usage. In further discussion Fig. 2, before the remaining component of a system, the details that label creates is discussed first.
Fig. 3 A, 3B and 3C are the flow charts of describing the preferred embodiment for the treatment of step. This treatment step occurs in the process of 102 li establishing labels of tag server of configuration according to the present invention. Because chart is similar, their a lot of number of steps are the same, and two charts can obtain explaining simultaneously.
In step 150, tag server 120 obtains the copy 111-114 of the name software (NAME_SW, SW) that is about to be labeled in its local storage. In addition, tag server 102 obtains request from agent 101 for label (Fig. 2). At step 151A (Fig. 3 A) and 151B (Fig. 3 B) and 151C (Fig. 3 C), tag server 102 produces unique label (NUM_INST_SW). In the step 151A of Fig. 3 A, numbering is fully unique. Yet in the step 151B of Fig. 3 B and in the step 151C of Fig. 3 C, unique label (NUM_INST_SW) is from the inner selection of sparse array 118 (Fig. 2).
Sparse array 118 (Fig. 2) is one group of numbering of maintaining secrecy, and the entity label (NUM_INST_SW) of the entity of name software (NAME_SW, SW) is from wherein selecting. Preferably, and available Serial Number Range (for example, if specific software has 100,000,000 entities, surpassing 1,000,000,000 hundred million possible numberings by the scope of 64 definition) compares, and such label compares less. Therefore, array 118 is called as sparse.
It is sparse so that adversary or software piracy merchant produce effective entity label difficult. All softwares may have a sparse array, and perhaps each designated software by one group of relevant substantial definition has different sparse arrays. In preferred embodiments, the source of sparse array 118 entity numbering that is all software applications. Yet each designated software has sparse array 118 independently may allow the more simply generation of distribution management entity numbering.
For example, may have with above-mentioned " " one group of sparse numbering 118 that application software is relevant therefrom is that each entity (INST_SW) of Write software is selected entity numbering (NUM_INST_SW) to Write. Because security reason, may realize when needed or produce the newcomer of sparse array, for example, by access physical treatment course such as the photoelectricity counting equipment (the present invention does not show) of taking a picture.
In step 152 (Fig. 3 A and 3B), tag server 102 calculates the hash function value in the part of software (SW) or SW content. In preferred embodiment, if surpassing software entity (INST_SW) 111-114 who comprises same software content SW will be labeled, so, because comprising identical code, information and/or data, each entity 111-114 (that is to say, have identical SW content), for software (SW) only calculates hash function value HASH_SW one time. Moreover, only have value HASH_SW just to need tag server 102 to obtain or produce once, rather than be each copy of whole softwares. When many entities of same software (SW) need to be labeled, the time that label creates had been saved in this aspect of the present invention. In these cases, only need to calculate a hash function value HASH_SW. In alternative embodiment, only calculating a hash function value in the part of software content may be further optimization, because this may reduce the time that need to make up at tag server 102 and subscriber equipment 104-107 the hash function value.
In step 153 (Figs. 3A, 3B, 3C), a second hash function value HASH_INST_SW is computed and incorporated into the label associated with the software entity (INST_SW). Step 153 differs from step 152 in that the hash value HASH_SW computed in step 152 is the same for all entities INST_SW of the same software SW, whereas the hash function value HASH_INST_SW of step 153 is unique for each NUM_INST_SW of the same software. In one embodiment, the second hash function value HASH_INST_SW combines the name of the software (NAME_SW), the unique number of the software entity (NUM_INST_SW), and the previously computed hash function value HASH_SW (step 152). Other hash combinations, such as name and software only, or software and number only, and so on, may be considered to provide similar functionality, as those skilled in the art will understand. Such combinations of data encoded by a hash function are within the scope of the invention.
After the hash value HASH_INST_SW has been computed for software entities 111-114, a signed label (Fig. 3A) or an unsigned label (Figs. 3B and 3C) may be created for those entities by steps 154A and 154B. Step 154A of Fig. 3A creates signed labels for software entities 111-114, whereas step 154B of Figs. 3B and 3C creates unsigned labels for them. A signed label ensures, through a digital signature over part of the prepared label's content, that the label cannot be forged, even if the entity numbers are predictable (for example, even if they are serial numbers). An unsigned label may not provide this protection; but because the unsigned label created in step 154B preferably includes an entity number NUM_INST_SW selected from the sparse array (151B), this alternative still ensures that the label is unforgeable. The signed label TAG_INST_SW of step 154A is computed as follows:
TAG_INST_SW=(NAME_SW,NUM_INST_SW,HASH_INST_SW, SIGN_TS(HASH_INST_SW))
Here, SIGN_TS is the digital signature function applied to the hash function value HASH_INST_SW. The digital signature SIGN_TS is produced by tag server 102 using the private key PRIVATE_KEY_TS 117, a digital key that is kept secret from all potential adversaries and from every entity in Fig. 2 other than tag server 102 itself.
The unsigned label TAG_INST_SW of step 154B is computed as follows:
TAG_INST_SW=(NAME_SW,NUM_INST_SW,HASH_INST_SW)
After tag server 102 creates the label TAG_INST_SW, the label is preferably transmitted securely (shown as TAGS 120 in Fig. 2, and explained at step 156 in Figs. 13A and 13B) to the requesting software agent 101 and to monitor center 103, where labels are stored in different label databases (explained at 129, 138 in Fig. 9).
The label 120 associated with a software entity (for example 111), and the manner in which tag server 102 prepares labels 120, serve several important purposes in the invention:
(1) A device (for example 104) cannot use a software entity of agent 101 unless device 104 stores or can access an associated valid label 120, preferably maintained in the label table 210 of device 104 (explained in detail in Fig. 6), and unless the corresponding label 120 has a usage state in label table 210 (second column in Fig. 6) that allows or indicates proper use of the associated entity 111.
(2) Through the call procedure (Figs. 12, 13A and 13B, explained in detail later) between a device (for example 104) and monitor center 103, monitor center 103 can monitor, authenticate, track, verify and generally control label attributes, and can ensure that use of the software entity 111 associated with label 120 complies with agent 101's usage monitoring rules for that entity (preferably maintained at the monitor center).
(3) The unforgeability of label 120, together with the fact that label 120 is preferably transmitted in a secure manner, ensures that label 120 is held only by a user or subscriber equipment 104 that has the right to obtain label 120 from agent 101 (or tag server 102) and to use the associated software entity 111-114 in compliance with the agent-specified usage monitoring rules for software entity 111 (not shown in the figures). This aspect of the invention deters an adversary or pirate from attempting to create and/or use copies of a valid label 120; under the mechanisms of the invention, such an attempt in turn leads to punitive action against the adversary or pirate, the legitimate user's subscriber equipment, or the equipment using software entity 111 and the corresponding label 120.
It will be appreciated that the composition of label 120 admits several alternatives. One alternative is a subset of the fields described here. In particular, the hash function value HASH_INST_SW may be omitted from label 120, leaving NAME_SW and NUM_INST_SW in label 120. The advantage of this embodiment is that less data needs to be transmitted between system components (for example, 101, 102, 103, 104) and in computations involving label 120. The drawback may be that the owner of label 120 may attempt to associate label 120 with a different designated software entity 111. This is prevented when HASH_INST_SW is available, because the value HASH_INST_SW depends on HASH_SW, and HASH_SW can be used to verify that the software SW in entity 111 is correct or unchanged.
Another label composition may be as follows: NAME_SW, NUM_INST_SW, HASH_SW. With this composition, each label 120 can be associated with software whose content (that is, the hash function of SW) matches HASH_SW. A possible drawback of this method is that it may allow a pirate to produce illegitimate labels 120 that appear correct. Depending on the complexity of the embodiment of the invention chosen to protect a software application, the system described here is designed to mitigate various significant problems.
As a further example, a third composition of label 120 may be as follows: NAME_SW, NUM_INST_SW, HASH_SW, SIGN_TS(NAME_SW, NUM_INST_SW, HASH_SW). In this type of label 120, the digital signature SIGN_TS prevents forgery of the label, because preferably only tag server 102 holds the key SECRET_KEY_TS, which is required to compute the signature function.
Another label field that may be omitted is NAME_SW. The advantage of this embodiment is a reduction in the amount of data conveyed between system components. The name may also be unnecessary if some means other than the name designates which label applies when the software entity INST_SW is run or used. A nameless label may work, for example, if the software agent distributes only one piece of software; in that case, the identifier of software agent 101 can serve as the name of the software that agent produces. Alternatively, NUM_INST_SW may be globally unique across all software, in which case NAME_SW is optional.
Another label field that may be omitted is NUM_INST_SW. The advantages of this label composition are a reduction in the amount of data that must be transmitted over network 100, a simpler label generation method, and no need for a unique-number selection process (for example, step 151 explained in Figs. 3A, 3B and 3C). A possible drawback is that different labels with the same NAME_SW (if that field is kept) may become indistinguishable, so that identical entities 111-114 are allowed.
Another label embodiment includes additional fields. For example, a unique identifier ID(SP) (209-A in Fig. 4) of the monitoring program of the subscriber equipment (for example 104; monitoring program 209 of Fig. 4 is discussed in detail later) may be computed from a combination of: a hardware identifier, if available; the time at which monitoring program 209 of device 104 was first activated; a unique number that monitoring program 209 obtains securely from monitor center 103, if available; and the value of at least one memory address in the device. This is discussed in more detail in later sections; it is raised here to give the reader a more comprehensive view of how the various labels are created.
Including the identifier ID(SP) 209-A of monitoring program 209 of subscriber equipment 104-107 in the label 120 associated with a software entity 111 used on that equipment may support lower-overhead calls to monitor center 103 (explained in detail below).
An additional field that may be included in alternative labels and label-creation embodiments of the invention is a set of fingerprints of the data at designated addresses within the software entity INST_SW. Fingerprints are explained in detail below but, as their name implies, a fingerprint is a unique encoding of one or more parts or data regions selected from the software entity. The use of fingerprints is set out in steps 151D and 151E of Fig. 3, where addresses are selected, fingerprints are computed at those addresses, and a hash is computed over the result. Including the fingerprints of software entity 111 in the label 120 associated with that entity allows the monitoring program (Fig. 4, 209, access software) of subscriber equipment 104-107 to verify that the association between INST_SW and the label is correct, by performing a same-location fingerprint check on INST_SW (Table 1; explained below with Fig. 6) and comparing the result with the set of fingerprints in the corresponding label. The use of fingerprints may overlap with the function of HASH_SW; for verifying the correctness of the label's association, they allow greater effectiveness.
For a large software entity INST_SW, for example an encyclopedia or a video, computing HASH_SW requires the monitoring program to scan the whole of INST_SW, which takes appreciable time. If the label associated with INST_SW contains fingerprint values, computed by the tag server, for the fixed addresses described above, the monitoring program (209 in Fig. 4) only needs to access those addresses in INST_SW and compute the corresponding fingerprint values. Using fingerprints in this way can bring an additional protection benefit, because the addresses at which the tag server computes fingerprints may change over time in response to pirate attacks.
The same efficiency and security benefits can be obtained if tag server 102 computes the hash function value HASH_SW (Figs. 3A and 3B, step 152) over designated parts of SW rather than over the whole of SW. The designated addresses within software entity INST_SW 111-114 (the tag server computes fingerprints for each entity) may appear explicitly alongside the fingerprints in label 120, or be included in the entity INST_SW, or be held in the monitoring program (Fig. 4, 209) of equipment 104-107. The advantage of including the fingerprint addresses in label 120 is that the fingerprints can vary for each entity INST_SW delivered; the fingerprints then act as a kind of unique NUM_INST_SW and allow spot checks for changes to the software code.
Accordingly, labels 120 formed from the following fields are all within the scope of the invention: the labels produced as the result of Figs. 3A, 3B and 3C; any combination of the above fields together with the identifier 209-A (Fig. 4) of the monitoring program of the subscriber equipment (for example, 104), such as ID(SP), whose value may be incorporated into the computation of the hash function value HASH_INST_SW; any combination of the above fields together with a set of fingerprints of the SW content, whose values may be incorporated into the computation of the hash function value HASH_INST_SW; and any superset of any combination of the above fields. Although the labels and processes described above illustrate specific embodiments and implementations of the invention, those skilled in the art will appreciate that the invention generally provides labels that uniquely identify and control one or more entities of software.
Once labels 120 have been created for software entities 111 to 114, in step 156 tag server 102 sends labels 120 securely to the monitor center databases (explained at 129, 138 in Fig. 9), to subscriber equipment 104, to the software agent, or to any combination of these.
Returning to Fig. 2, tag server 102 securely distributes labels 120 to one or more of software agent 101, monitor center 103 and subscriber equipment 104. If tag server 102 securely transmits labels 120 back to software agent 101 but not to equipment 104-107, the software agent then securely distributes labels 120 and software entities 111-114 to subscriber equipment 104-107. Optionally, subscriber equipment 104-107 obtains the software entity separately from obtaining label 120; subscriber equipment can directly or label 120. Optionally, label 120 can be obtained from one or more monitor centers 103.
Although software entities 111-114 are part of an optional embodiment of system 109 of the invention, they do not themselves need to be distributed. Software entities 111-114 can be distributed in many ways. Entities 111-114 may be downloaded from the software agent through a download mechanism supported by communication network 100 (Fig. 1). Examples of download mechanisms are the File Transfer Protocol (FTP), PUSH protocols that can send information to a recipient, TCP/IP and the related World Wide Web (WWW) protocols, and other protocols that transfer data over a bus between computer processors or over other types of computer network such as communication network 100, which may be, for example, the Internet.
Optionally, subscriber equipment 104 may have software entities 111-114 pre-installed by the equipment manufacturer (not shown), which may or may not be the same entity as the software agent. One example is software entities 111-114 embedded in the firmware of the subscriber equipment. In another alternative, the user of subscriber equipment 104 (not shown in this figure) may buy software entities 111-114 on a medium readable by the subscriber equipment, such as a magnetically encoded disk or floppy disk, or optical media such as CD-ROM, DVD disc, video or audio cassette, holographic storage media, or another medium that can carry information. For each of the above alternative ways in which subscriber equipment 104-107 obtains software entities 111-114, the invention requires use of the associated label 120, which can accompany the software entity directly or can be sent securely to the equipment separately.
As shown in Fig. 2, subscriber equipment 104 includes a coupling to subscriber equipment storage mechanism 200. The storage is able to maintain each software entity 111-114, label table 210 and fingerprint table 126. The purpose and details of the fingerprint and label tables 126, 210 are explained in detail later.
Fig. 4 illustrates the preferred structure of subscriber equipment 104 configured according to the invention. Subscriber equipment 104 includes a bus 206 that internally couples user storage device 200, processor 201, memory 202, interconnection mechanism 203, and user input/output mechanism 204. User 213 uses equipment 104. User 213 is preferably a person, although the invention can be applied in systems in which, as discussed here, usage monitoring is implemented electronically in a larger environment without human intervention. In this illustration, user 213 is shown interacting directly with software entities 111-114 to emphasize the purpose of the invention. In practice, user 213 may interact with user input/output mechanism 204 under the control of processor 201; the input/output mechanism provides input and output to or from software entities 111-114 indirectly.
User input/output mechanism 204 may be one or more of a keyboard, mouse, microphone, loudspeaker, monitor, heads-up or virtual reality display, or other input/output device that communicates information to or from user 213 or another (that is, non-living) mechanism interacting with subscriber equipment 104. Input/output mechanism 204 may also serve as a means by which software entities 111-114 are provided to subscriber equipment 104. In that case, input/output mechanism 204 may include a mechanism that can load information into user storage device 200, or into memory 202 or a buffer (not shown in Fig. 4), such as a CD-ROM or DVD drive, scanner, floppy disk drive, or other such mechanism; these mechanisms may be included in or associated with the subscriber equipment (for example 104).
Interconnection mechanism 203 is the interface to the communication network and may be, for example, a modem, network interface card, wireless transceiver, or other information device.
User storage device 200 maintains the various components and data used by the invention; it may be a hard disk, floppy disk or optical disk drive, RAID array, file server, or other read/write storage mechanism. Specifically, as illustrated in this embodiment, user storage device 200 maintains software entities 111-114, label table 210, fingerprint table 126, monitoring program 209 (Fig. 4) and operating system 207, which includes kernel 208. Operating system 207, as understood in the art, is typically loaded into memory 202 at start-up and executes together with processor 201 to control the overall operation of the various components of subscriber equipment 104. Optionally, the operating system and the components of the invention can be embedded in the processor architecture or in a system that includes the invention.
Examples of subscriber equipment 104 are a personal computer or workstation. Examples of processor 201 are Intel-based processors such as Celeron, Pentium, Pentium II, Pentium III or the 80x86 series, or SPARC-based RISC processors or MIPS processors. The names of these processors may be trademarks of their respective microprocessor manufacturers. Examples of operating system 207 are any Windows-based operating system such as Windows NT, Windows 98, Windows 95, Windows CE or Windows 3.1 (made by Microsoft of Redmond, Washington), or a UNIX-based system such as Solaris from Sun Microsystems of Mountain View, California. Other embodiments of subscriber equipment 104 may be special-purpose devices using a custom or embedded special processor 201 and operating system 207. Those skilled in the art will appreciate that subscriber equipment 104, as described above, may be any type of microprocessor-controlled device. The invention is not intended to be limited to the structure of subscriber equipment 104 in Fig. 4. Rather, any device through which a user can access software is intended to fall within the scope of the invention.
To provide the usage monitoring aspects of the system of the invention, a monitoring program (SP) 209 is provided, which executes together with operating system 207, label table 210, software entities 111-114 and the optional fingerprint table 126 (Fig. 4). Monitoring program (SP) 209 is optionally an entity independent of operating system 207, although it may be an extension of it. Monitoring program 209 is preferably a software program written in any programming language (for example C, C++, Java, assembly, or another language), and preferably uses the application programming interface (API) provided by operating system 207 to interact with and control certain functions of operating system 207. Optionally, in subscriber equipment 104 that is an embedded system, operating system 207, monitoring program (SP) 209, and other data or components may all be embedded in or fully represented by circuitry, or stored in memory.
In the preferred embodiment of the invention, each time subscriber equipment 104 starts (for example, is powered up), operating system 207, monitoring program (SP) 209 and label table 210 are read into memory from user storage device 200. When subscriber equipment 104 starts for the first time, the identifier ID(SP) 209-A of the monitoring program 209 of that device is preferably computed and stored in a secure location. This identifier 209-A, as discussed in the glossary above (Table 1, ID(SP)), is computed from some combination of the following: a hardware identifier (if any); and a high-precision timer (for example, microsecond) in device 104. In the system of the invention, monitoring program (SP) 209 is the usage monitoring interface between software entities 111-114 and operating system 207. Before the operation of the usage monitoring provided by the monitoring program is explained in detail, the installation of software entities 111-114 and the associated labels 120 on subscriber equipment 104 is discussed first.
Fig. 5 illustrates the steps involved in installing a software entity INST_SW and its associated label TAG_INST_SW on subscriber equipment 104 according to the preferred embodiment of the invention. Label 120 and software entities 111-114 can be loaded onto subscriber equipment 104 through user input/output mechanism 204, or installed electronically after being received over communication network 100 through interconnection mechanism 203. The steps in Fig. 5 are preferably carried out by processor 201 executing the code of the monitoring program (SP) 209 provided by the invention. Monitoring program 209 can reside within operating system 207, for example as an extension of kernel 208, or can reside and execute as a separate process above kernel 208 and the operating system.
In either case, in step 250 of Fig. 5, subscriber equipment 104 (a PC in this example, although the invention is meant to apply to any other device) obtains an entity of the designated named software (NAME_SW, SW). In step 251, subscriber equipment 104 securely obtains the label TAG_INST_SW associated with the named software entity obtained in step 250. In step 252, the system of the invention determines whether label TAG_INST_SW is a signed or an unsigned label. Step 252 can be performed by examining the received label information to determine whether the SIGN_TS function appears in label TAG_INST_SW. Next, the monitoring program goes on to verify the label and the proper association of the label with the software entity.
In the preferred embodiment of the invention, tag server 102 creates labels according to the steps of Fig. 3A, 3B or 3C: step 154A (Fig. 3A) produces the content of a signed label, and step 154B (Figs. 3B and 3C) that of an unsigned label. If label TAG_INST_SW is a signed label, step 253 (Fig. 5) activates the part of the monitoring program (SP) that computes the hash function value V = HASH(INST_SW) and the hash function value U = HASH(NAME_SW, NUM_INST_SW, V). Monitoring program 209 then compares the value U with the value HASH_INST_SW found in label TAG_INST_SW. If the two compared values differ, the label is invalid. If the values match, monitoring program 209 goes on to verify the digital signature SIGN_TS(HASH_INST_SW) present in label TAG_INST_SW, using the public key PUBLIC_KEY_TS (Fig. 2, 116) of tag server 102. If the tag server's signature in SIGN_TS(HASH_INST_SW) does not verify, the label is invalid. When step 253 finds that the label TAG_INST_SW obtained in step 251 for the entity of the named software (NAME_SW, SW) obtained in step 250 is invalid, the software entity is rejected in step 254.
If label TAG_INST_SW is an unsigned label, step 257 activates the part of monitoring program (SP) 209 that verifies the hash function value present in label TAG_INST_SW, using the same steps as for signed labels above. If the HASH_INST_SW value does not verify, label TAG_INST_SW is invalid, and the entity of the named software (NAME_SW, SW) obtained in step 250, associated with the invalid label TAG_INST_SW, is rejected in step 254.
Rejection in step 254 simply means that subscriber equipment 104 discards, deletes or does not allow use of the software entity INST_SW and the associated label TAG_INST_SW obtained in steps 250 and 252. Step 256 may also be performed, which triggers punitive action on the subscriber equipment (for example, 104). Punitive action may include shutting down subscriber equipment 104 or disabling its use. Punitive actions are discussed in detail in connection with the usage monitoring functions of the invention.
For a signed label, if the hash function value and the signature SIGN_TS(HASH_INST_SW) verify in step 253, or for an unsigned label, if the hash function value HASH_INST_SW verifies in step 257, then step 255 stores the software entity INST_SW (111-114 in Fig. 2) associated with the label in user storage device 200, stores the label TAG_INST_SW of that software entity (for example, 111) in label table 210, and attaches the state "INSTALLED" to the label (Fig. 6 illustrates the first row of table 210 in detail and is explained more fully later).
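The label construction of steps 152 to 154 and the install-time check of steps 253 and 257, as an added example that is not code from the patent. SHA-256, the field encoding, the 128-bit random stand-in for a sparse-set entity number, and the toy textbook-RSA key used for SIGN_TS are assumptions chosen so the block runs offline; the key is built from public primes and is not secure.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, NamedTuple, Optional

# Toy textbook-RSA key standing in for the tag server's key pair (assumption).
# Built from two publicly known Mersenne primes: it gives NO security and only
# lets the sign/verify data flow run with the standard library.
_P, _Q = 2**521 - 1, 2**607 - 1
N_TS, E_TS = _P * _Q, 65537                  # plays the role of PUBLIC_KEY_TS
_D_TS = pow(E_TS, -1, (_P - 1) * (_Q - 1))   # plays the role of PRIVATE_KEY_TS


class Label(NamedTuple):
    name_sw: str
    num_inst_sw: int
    hash_inst_sw: bytes
    sign_ts: Optional[int]    # None for an unsigned label (step 154B)


def hash_sw(content: bytes) -> bytes:
    """Step 152: HASH_SW over the software content (SHA-256 is an assumption)."""
    return hashlib.sha256(content).digest()


def hash_inst_sw(name_sw: str, num_inst_sw: int, h_sw: bytes) -> bytes:
    """Step 153: HASH_INST_SW over (NAME_SW, NUM_INST_SW, HASH_SW).
    The name is length-prefixed and the number fixed-width so that field
    boundaries are unambiguous (encoding is an assumption)."""
    name = name_sw.encode("utf-8")
    h = hashlib.sha256()
    h.update(len(name).to_bytes(4, "big") + name)
    h.update(num_inst_sw.to_bytes(16, "big"))
    h.update(h_sw)
    return h.digest()


def create_labels(name_sw: str, content: bytes, count: int,
                  signed: bool = True) -> List[Label]:
    """Tag-server side: HASH_SW is computed once, then one label per entity."""
    h_sw = hash_sw(content)
    labels = []
    for _ in range(count):
        num = secrets.randbits(128)   # stand-in for a sparse-set member
        h_inst = hash_inst_sw(name_sw, num, h_sw)
        sig = pow(int.from_bytes(h_inst, "big"), _D_TS, N_TS) if signed else None
        labels.append(Label(name_sw, num, h_inst, sig))
    return labels


def verify_label(label: Label, installed_content: bytes) -> str:
    """Monitoring-program side: step 253 (signed) or step 257 (unsigned)."""
    if not 0 <= label.num_inst_sw < 2**128:
        return "REJECTED: malformed entity number"
    v = hash_sw(installed_content)                            # V = HASH(INST_SW)
    u = hash_inst_sw(label.name_sw, label.num_inst_sw, v)     # U
    if not hmac.compare_digest(u, label.hash_inst_sw):
        return "REJECTED: hash mismatch"
    if label.sign_ts is not None:                             # step 252 branch
        if not 0 <= label.sign_ts < N_TS:
            return "REJECTED: bad signature"
        recovered = pow(label.sign_ts, E_TS, N_TS)
        if recovered != int.from_bytes(label.hash_inst_sw, "big"):
            return "REJECTED: bad signature"
    return "INSTALLED"


def demo() -> Dict[str, str]:
    # Constructed sample content, not real software.
    write = b"constructed bytes standing in for the Write program"
    other = b"constructed bytes standing in for a different program"
    a, b = create_labels("Write", write, 2)
    # A label with a self-chosen number and a consistent hash, reusing a's
    # signature: the hash check passes, the signature check does not.
    n = (a.num_inst_sw + 1) % 2**128
    relabel = Label("Write", n, hash_inst_sw("Write", n, hash_sw(write)), a.sign_ts)
    return {
        "genuine": verify_label(a, write),
        "label moved to other software": verify_label(a, other),
        "signature taken from another label": verify_label(
            a._replace(sign_ts=b.sign_ts), write),
        "renumbered label, old signature": verify_label(relabel, write),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

For an unsigned label the local check covers only the hash chain, which is why the text makes unforgeability of unsigned labels depend on NUM_INST_SW coming from the sparse set.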
In the optional embodiment in which the label includes the monitoring program identifier ID(SP) 209-A, monitoring program 209 verifies that the monitoring program identifier 209-A in label 120 is the same as that of the monitoring program 209 stored on subscriber equipment 104. In the optional embodiment in which label 120 includes a list of fingerprints based on designated addresses in the software content SW, monitoring program 209 verifies that the fingerprint list matches the fingerprints computed at the same designated addresses in software SW; here matching is based on the same-location fingerprint check, as described in the definitions above and explained here.
Fig. 6 illustrates the content of an example label table 210. In general, label table 210 contains the information the monitoring program needs in order to decide whether to allow user 213 of subscriber equipment 104, or equipment 104 itself, to use software entities 111-114. By a process explained shortly, monitoring program 209 can detect attempts to use software entities 111-114 and can inspect and maintain the information in label table 210 to determine the usage monitoring state of the label TAG_INST_SW associated with the requested entity 111-114.
Periodically, monitoring program (SP) 209 performs a call procedure, which is the interface between subscriber equipment 104 and the monitor center. In the call procedure, the verification program (figure, 315) of monitor center 103 (Fig. 2) verifies the label information in label table 210 for each software entity 111-114 installed on the subscriber equipment 104 making the call, so as to direct the monitoring program on subscriber equipment 104 in making usage monitoring decisions about the software entity 111 that user 213 requests to use.
Fig. 6 shows the label table 210 of a device (for example, 104) in the preferred embodiment of the invention. Each valid label TAG_INST_SW 120 obtained for an installed software entity 111-114 via step 251 of Fig. 5 is stored in the first column of label table 210, headed "TAGS". The labels in the TAGS column of label table 210 are denoted TAG_INST_SW1, TAG_INST_SW2, TAG_INST_SW3, TAG_INST_SW4 and UNTAGGED_SW. The other information in label table 210 (explained in more detail below) comprises, for each label, the usage state (second column), action time (third column), run count (fourth column) and use time (fifth column). For each label entry (that is, each row of the label table), monitoring program 209 uses the label table information to decide how to handle requests to use the software entity 111-114 associated with the respective label TAG_INST_SW.
In brief, the usage state column of label table 210 indicates to monitoring program 209 whether software entity 111-114 is available to user 213 or equipment 104-107. If use of the software is allowed, the state column indicates "CONTINUED" or "INSTALLED", whereas if use is refused it indicates "GC_DISABLED". "INSTALLED" followed by the descriptive word "REMOVED" indicates that the software entity 111-114 of label TAG_INST_SWn was formerly installed on subscriber equipment 104 and therefore cannot be installed again or used. The action time column indicates the timestamp (for example, date and time) of the last state determination performed by monitoring program (SP) 209 (for example, the time of the last call and label verification process, explained later). The run count column of label table 210 indicates the number of times the software entity 111-114 associated with label TAG_INST_SWn (here n is 1 to 4) has been used on subscriber equipment 104-107. Finally, the use time column of label table 210 indicates the total time for which the software entity 111-114 associated with label TAG_INST_SWn has been used since the last call procedure between the equipment and the monitor center (in other embodiments, since installation).
The purpose of the various fields that the system of the invention associates with each label (column 1), that is, with each row, is explained here. The label identifies a row of label table 210; based on the content of the associated row, monitoring program 209 must determine, by inspecting the label table, whether a given software entity 111-114 can be used properly or validly. The current usage state field of the selected row determines whether the software entity (that is, one of 111-114 in this example) may be used.
As will be explained, when use of a software entity is allowed, monitoring program (SP) 209 can track the number of uses and the time of use of software entities 111-114. This information can be used to build an event history for subscriber equipment 104-107, and can also be used for other purposes such as tracking software entities 111-114 that are charged per use or charged by negotiation. An event history covers attempted uses, successful uses, periods of use, and other events such as start-up of the device. Even if two devices have identical software entities and identical identifiers, they will not have the same event history.
In one embodiment, no two devices have identical software entities with identical label, monitoring program or device identifiers. However, a knowledgeable software pirate may attempt to copy the complete disk image of one device to another device, in which case the label, device and monitoring program identifiers may be fully duplicated. In some embodiments the invention avoids this piracy by having at least one unique identifier (namely, software label 120 or monitoring program identifier 209-A) include information such as a hardware processor identification number (for example, a processor number), which ties the identifier (for example, label 120 (column 1 in Fig. 6), SP ID 209-A, device ID) to a particular processor or device motherboard. That is, if a pirate tries to circumvent the usage monitoring and protection of the invention by copying the entire disk contents and transferring the copied disk to another device, the invention allows a hardware device identification mechanism to be incorporated into the label information, so that the hardware identification information can be checked during label validity verification (that is, during call processing, to be explained).
It should be understood that this embodiment supplements the mechanism by which monitor center 103 uses device usage statistics to track two devices that attempt to use the same label information. That is to say, if a pirate copies the disk of legitimate device 104 to another device (that is, 107), then according to aspects of the present invention it is nearly impossible for the illegitimate user 213 of pirate device 107 to use device 107 in a way that exactly duplicates the usage of legitimate device 104. Similarly, when each device 104, 107 calls up monitor center 103 (Fig. 2) to verify its labels, monitor center 103 (Fig. 2) will detect whether one of the devices 104, 107 has usage or call-up statistics that are inconsistent with those of the other. Therefore, once each of devices 104, 107 has made a call-up, one of them will appear to be attempting to use the software fraudulently. At that point, the system of the present invention can carry out the punitive actions contained in the continuity message (explained later) to disable use of the software, of one or all of the devices, or of any combination of these. The present invention can also report the illegal use to the authorities.
As an example of pay-per-use charging, each time a pay-per-use software entity 111-114 is used, monitoring programme (SP) 209 records the current use in the run count field (row 4) of label list 210 for the label TAG_INST_SW associated with that entity 111-114. The run count information can later be used for billing purposes.
Label list 210 also contains a header field HEADER_TAG_TABLE, which uniquely identifies this particular label list 210 on this particular subscriber equipment 104. HEADER_TAG_TABLE may be unique per user 213 or per subscriber equipment 104. If label list 210 is unique per user 213, each user account (that is, login account) on subscriber equipment 104 has its own label list 210 for its user 213. A per-user label list 210 maintains the labels TAG_INST_SW for the software entities 111-114 that the user uses, for example where only that user 213 has purchased the software entity. In other words, where there is only one label list 210, the present invention tracks label use and usage monitoring for many users 213 in it; otherwise each user has a separate label list 210.
HEADER_TAG_TABLE preferably includes a field ID_TAG_TABLE that holds the unique identifier of this label list 210. Field ID_TAG_TABLE preferably includes ID(SP) 209-A of monitoring programme 209. In addition, it may include the identifier ID(USER) of the user 213 associated with this label list 210, the identifier ID(DEVICE) of subscriber equipment 104 (for example, the serial number or machine ID mentioned above) and the identifier ID(OS) of operating system 207.
An example of the user identifier ID(USER) is a combination of a user name and/or password. Examples of the subscriber equipment identifier ID(DEVICE) include a machine name, machine ID, IP address, serial number, or other designated hardware or device information that distinguishes device 104 from other devices (for example, 104-107 in Fig. 1).
ID(SP) 209-A may, for example, include time information, based on high-precision clock 205 (Fig. 4), recording when device 104-107 was first powered up. If high-precision clock 205 is accurate to the millisecond, the ID(SP) 209-A values of two different devices will not be equal. To reduce the risk of equal ID(SP) values, ID(SP) 209-A may also include an available hardware serial number and an available number from monitor center 103 (Fig. 2). Bearing in mind that a pirate may copy a disk image, two devices could in that case have the same ID(SP). As outlined above and explained further below, monitor center 103 (Fig. 2) can catch this situation during the call-up process. Operating system 207 may also have unique identifying information, such as a serial number or similar identifier, that can be used in field ID_TAG_TABLE.
Field HEADER_TAG_TABLE (the first row of label list 210 in Fig. 6) also includes a "last monitor center continuity message" field LAST_GC_CM, a "last call-up time" field LAST_CALLUP_TIME and a "number of device power-ups" field NUMBER_DEVICE_POWERUPS. In addition, the header contains two fields related to the event history: the hash of the current event history, HASH(EVENT_HISTORY), and the hash of the event history as of the most recent call-up, HASH(EVENT_HISTORY_AS_OF_MOST_RECENT_CALLUP).
The LAST_GC_CM field of the header holds the continuity message value. This is an unforgeable message from monitor center (GC) 103 (Fig. 2) that encodes the update information for label list 210 together with the actions and punitive actions that monitor center GC 103 (Fig. 2) specifies for the subscriber equipment's monitoring programme SP. Monitoring programme 209 uses LAST_CALLUP_TIME in the header of label list 210, together with other label list data, to decide when a call-up to GC 103 (Fig. 2) must be initiated according to CALL-UP_POLICY. NUM_POWER_UPS is used locally, as part of the method, to decide when a call-up is needed.
The event history may include information such as when software entities 111-114 on device 104-107 were activated and when external input to subscriber equipment 104-107 (that is, user 213 interaction) occurred. The purpose of the event history is to characterise device 104-107 by its past behaviour or use. This is useful because static information such as monitoring programme identifier 209-A and label 120 may be copied from one device 104-107 to another, whereas dynamic information such as that embodied in the event history differs even between devices 104-107 that hold identical static information. Because the event history can be very large, a hash function value of the event history is maintained rather than the event history itself. Preferably, two event history hash values are kept so that processing can continue during a call-up.
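The following added example (not code from the patent) shows how the two header hashes let the monitor center tell a copied disk image from the device it was copied from. The running-hash construction, the accept/reject rule in `MonitorCenter.check`, the class names and the event strings are assumptions made for illustration; all sample values are constructed.

```python
import copy
import hashlib


def extend(history_hash: bytes, event: str) -> bytes:
    """Fold one event into the running event-history hash (assumed construction)."""
    return hashlib.sha256(history_hash + event.encode("utf-8")).digest()


class Device:
    """Holds only the label list header fields this example needs."""

    def __init__(self, id_tag_table: str):
        self.id_tag_table = id_tag_table
        self.hash_event_history = bytes(32)       # HASH(EVENT_HISTORY)
        self.hash_as_of_last_callup = bytes(32)   # HASH(EVENT_HISTORY_AS_OF_MOST_RECENT_CALLUP)

    def record(self, event: str) -> None:
        self.hash_event_history = extend(self.hash_event_history, event)

    def call_up(self, center: "MonitorCenter") -> bool:
        accepted = center.check(self.id_tag_table,
                                self.hash_as_of_last_callup,
                                self.hash_event_history)
        if accepted:
            # The current history becomes the "as of most recent call-up" value.
            self.hash_as_of_last_callup = self.hash_event_history
        return accepted


class MonitorCenter:
    """Hypothetical stand-in for the check made at monitor center 103."""

    def __init__(self):
        # ID_TAG_TABLE -> HASH(EVENT_HISTORY) reported in the last accepted call-up
        self._last_hash = {}

    def check(self, id_tag_table, hash_as_of_last_callup, hash_event_history) -> bool:
        expected = self._last_hash.get(id_tag_table)
        if expected is not None and expected != hash_as_of_last_callup:
            # The reported history does not continue from the last call-up,
            # so a second device is using the same static identifiers.
            return False
        self._last_hash[id_tag_table] = hash_event_history
        return True


def clone_scenario(original_calls_first: bool) -> dict:
    """Return {device name: call-up accepted?} after a disk image is copied."""
    center = MonitorCenter()
    original = Device("ID(SP)-constructed-0001")
    original.record("power-up 2000-01-01T08:00:00.123")
    original.record("use TAG_INST_SW1")
    original.call_up(center)                 # first contact registers the history

    pirate = copy.deepcopy(original)         # disk image copied: static data identical
    original.record("use TAG_INST_SW1 2000-01-02T09:15:02.001")
    pirate.record("power-up 2000-01-02T19:30:44.871")

    order = [("original", original), ("pirate", pirate)]
    if not original_calls_first:
        order.reverse()
    return {name: device.call_up(center) for name, device in order}
```

Whichever device calls up second is the one rejected, so the check shows that two devices share one identity but does not by itself say which of them is the legitimate one.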
As explained below, continuity message CM (Fig. 2, 212; Fig. 13B, 423) is preferably also stored in the LAST_GC_CM field of the label list header (the first row of table 210 in Fig. 6). CM 212 is a message that monitor center 103 (Fig. 2) prepares during a call-up with subscriber equipment 104 and that is preferably sent securely by monitor center 103 (Fig. 2) to the device 104-107 making the call-up. Continuity message CM 212 contains information that lets monitoring programme (SP) 209 on subscriber equipment 104 determine which software entities 111-114 may continue to be used and which are disabled because of improper use, and it can also define other actions or punitive actions to be carried out by the device's monitoring programme 209.
The LAST_CALLUP_TIME field holds the timestamp of the most recent call-up process (to be explained), and the NUM_DEVICE_POWER field holds the number of times subscriber equipment 104 has been started. As explained below, monitoring programme (SP) 209 on each subscriber equipment 104 is responsible for maintaining (though not necessarily generating) accurate information in label list 210, including header information such as NUM_DEVICE_POWERUPS, LAST_CALL_TIME and the LAST_GC_CM continuity message. That is to say, continuity message (CM) 212 (Fig. 2) is generated by monitor center 103 (Fig. 2) and passed securely to monitoring programme (SP) 209 on subscriber equipment 104. On receipt, monitoring programme (SP) 209 is preferably responsible for parsing continuity message (CM) 212 (Fig. 2) and updating label list 210 to reflect the most recent usage monitoring information (that is, updating the label list fields).
The information in header field HEADER_TAG_TABLE uniquely identifies label list 210, and monitoring programme (SP) 209 uses it to update the usage monitoring information of each software entity 111-114 installed on subscriber equipment 104. The idea is that the label list 210 associated with each user, or with each combination of user and/or subscriber equipment 104, can be distinguished through its HEADER_TAG_TABLE from the label lists 210 of other users 213, other subscriber equipment 104, or other user/subscriber-equipment combinations.
When a new software entity 111-114 and its associated label 120 are obtained via the steps of Fig. 5 and installed or used, the action column value of the entry for label TAG_INST_SWn in label list 210 (that is, its row in label list 210) is set to INSTALLED, indicating that the software entity 111-114 associated with this label has been newly added to or installed on subscriber equipment 104. The action time value is either empty or indicates the time of installation. The run count and use time column values are set to zero ("0") or left empty.
According to a further aspect of the invention, usage monitoring can also be provided for software entities 111-114 for which no associated label TAG_INST_SW (first row) has been created; such entities can be inserted into table 210. Any such entity 111-114 is called an unlabelled software entity, or simply unlabelled software. An example of unlabelled software is software made by user 213. User-made software may be made legitimately, as when user 213 writes or creates a software program or a song. User-made software may also be made illegally, in which case it is called infringing software INF_SW. Allowing subscriber equipment 104-107 to use legitimate unlabelled software is desirable, and the usage monitoring of the present invention allows it. At the same time, however, the mechanisms of the present invention detect and contain the use of infringing software, labelled or unlabelled, and where necessary can carry out punitive actions on a subscriber equipment 104-107 that attempts such use.
Infringing software INF_SW may be made, for example, in the following way. A pirate obtains a legitimate designated software entity 111-114 on CD-ROM, such as a book or an application program, and deletes all references to any required label 120 from the installation program shipped with that software. The pirate may then sell the modified copy (which no longer refers to the required label) under a different name as unlabelled software. Another example of infringing unlabelled software is software that a pirate makes by modifying or deriving from a legitimate agent's software SW, for example an unauthorised translation of the agent's book into another language, or a recompiled version of an application program. The system of the present invention deters, tracks and protects against the use of such unauthorised software on subscriber equipment 104-107.
To accomplish this, the present invention introduces a concept called fingerprinting. In essence, fingerprinting produces values associated with a software entity that are unique to the content of that entity. If the fingerprints of a copy of an illegally made software entity can be obtained, the present invention provides a method for detecting attempts by other subscriber equipment 104-107 to use similar illegally made copies. According to the present invention, the fingerprints associated with a specific piece of software are preferably computed when user 213 attempts to install or use unlabelled software on subscriber equipment 104.
Fig. 7 illustrates the process of installing unlabelled software on a subscriber equipment (in this embodiment, subscriber equipment 104 for the purposes of discussion). In step 330, user 213 installs (or makes) an unlabelled software entity (that is, unlabelled entity 111-114) on subscriber equipment 104. For example, the unlabelled software UN_TAGGED_SW may simply take the form of a string of binary data (STRING[0...N]) that initially has no associated label. In step 331, when an attempt is made to use unlabelled software 111-114, monitoring programme (SP) 209 detects that no label for this software entity exists in label list 210, and monitoring programme (SP) 209 then uses fingerprint function FP to obtain fingerprints of unlabelled software entity 111-114. The fingerprint function may, for example, be a hash function.
In step 331, each fingerprint Xi equals the value produced by the fingerprint function. Fingerprint function FP is preferably computed over a portion STRING[i, i+k-1] of the unlabelled software's content, for a fixed k and for indices satisfying 0 <= i <= m-k+1, where m is a chosen index. In other words, fingerprint function FP is computed over selected portions of the unlabelled software data STRING[0...N], where N is the total length of the unlabelled software in bits. Preferably, the fingerprint function produces many fingerprints (m), each offset from the previous one by one position. In step 332, monitoring programme (SP) 209 stores the fingerprints Xi1 through Xim in fingerprint table 210 of subscriber equipment 104.
In an alternative embodiment, the fingerprints are generated from non-contiguous portions of the unlabelled software's content.
In another alternative embodiment, the fingerprint is computed from the behaviour of the software while it is in use. An example of behaviour is the series of system calls that the software makes. Game software, for example, has particular ways of writing to the screen. These patterns may be incorporated into the fingerprint of the software entity.
Finally, in step 337, monitoring programme (SP) 209 creates an unlabelled-software label entry UNTAGGED_SW in label list 210 to indicate the presence of unlabelled software entity 111-114 on subscriber equipment 104. The UNTAGGED_SW label in label list 210 uses a hash function or other means to associate label UNTAGGED_SW uniquely with the unlabelled software entity whose fingerprints were obtained. With the above process, any attempt to use or install an unlabelled software entity 111-114 on subscriber equipment 104 causes the unlabelled entity to be fingerprinted and a label UNTAGGED_SW to be created in label list 210.
As explained later, monitor center 103 (Fig. 2) uses fingerprint table 126 to detect the use of infringing software INF_SW that is already known to monitor center 103 (Fig. 2). The fingerprinting aspects of the present invention are discussed in more detail later.
Fig. 8 shows the high-level steps that system 109 of the present invention performs when user 213 attempts to use a software entity (INST_SW) 111-114 on subscriber equipment 104. In step 270, user 213 interacts with software entity 111-114 through user I/O mechanism 204 on subscriber equipment 104. In step 271, monitoring programme (SP) 209 intercepts the call that activates software entity 111-114 for use. At this point, monitoring programme (SP) 209 ensures that the requested software entity 111-114 has a label TAG_INST_SW in label list 210 whose state indicates "continuation". In the preferred embodiment, however, before checking the individual label TAG_INST_SWn, monitoring programme (SP) 209 ensures that label list 210 itself is in a valid, up-to-date state. A valid state means that label list 210 is current and has had its contents updated through the call-up process as required. Accordingly, in step 272, monitoring programme (SP) 209 consults label list 210 to determine whether a call-up to monitor center 103 (Fig. 2) is currently needed.
In an alternative embodiment, if the label contains a fingerprint, monitoring programme SP 209 may use same-location fingerprinting to check that the software entity being used is properly associated with this label.
The system of the present invention performs the call-up process periodically, which revalidates each label TAG_INST_SWn in label list 210 and at the same time effectively enforces its usage monitoring policy. The call-up takes place between monitor center 103 (Fig. 2) and subscriber equipment 104. Many trigger events may cause a call-up to monitor center 103 (Fig. 2) to be initiated.
For example, the decision made in step 272 on whether to call up can be reached by checking the LAST_CALL-UP_TIME field in label list header HEADER_TAG_TABLE. If more than a certain amount of time has passed since the timestamp in LAST_CALL-UP_TIME, a call-up to monitor center 103 (Fig. 2) must be initiated, and processing proceeds to step 273, in which the call-up is performed. Optionally, label list 210 may have its own call-up policy (CALL-UP_POLICY), which defines the set of rules or conditions that must be met for a call-up to be made.
In other embodiments, a call-up policy is associated with an individual software entity 111-114. In that case, step 272 can check the criteria of the call-up policy associated with the software content SW or software entity (INST_SW) 111-114 to which user 213 requested access in step 270. In other embodiments, step 272 may require a call-up if user 213 of subscriber equipment 104 attempts to use an unlabelled software entity. In other embodiments, step 272 may require a call-up if user 213 of subscriber equipment 104 is using labelled software for the first time. In other embodiments, the maximum allowed interval between successive call-ups is preferably determined by the elapsed time on subscriber equipment 104, the number and duration of uses of software entities 111-114, the number of times device 104 has been powered up, and/or other measures related to time or to the use of device 104.
The call-up process is discussed in detail later. In essence, however, during a call-up monitoring programme (SP) 209 on the subscriber equipment securely sends a copy of label list 210 and fingerprint table 126 to monitor center 103 (Fig. 2). After verification, monitor center 103 (Fig. 2) compares each label TAG_INST_SWn in label list 210 against a set of compromised labels, so that monitor center 103 (Fig. 2) can detect labels that are invalid or compromised in some way.
Monitor center 103 (Fig. 2) likewise checks the usage monitoring policy POLICY(TAG_INST_SW) associated with each label to ensure that use of label 120 (and hence of the software entity associated with it) conforms to usage monitoring policy POLICY(TAG_INST_SW). A policy may apply to an entire subscriber equipment 104-107, or be based on an individual user 213 or an individual label 120. Likewise, for unlabelled software, monitor center 103 (Fig. 2) compares fingerprint table 126 with the fingerprint data structure (explained later) to detect use of infringing software INF_SW. After it finishes analysing label list 210 and fingerprint table 126, monitor center 103 (Fig. 2) prepares and sends continuity message (CM) 212 (Fig. 2) to subscriber equipment 104.
In an alternative embodiment, labelled software can also be checked by fingerprinting. This embodiment prevents a pirate from distributing, as labelled software, designated software entities that infringe the intellectual property or other rights of a legitimate agent, that is, software carrying labels legitimately obtained from tag server 102. In this embodiment, monitoring programme 209 of subscriber equipment 104-107 also applies fingerprinting to labelled software entities 111-114 and stores the computed fingerprints in its fingerprint table 126. During a call-up, the fingerprints obtained from the labelled software entities 111-114 used on subscriber equipment 104-107 are also sent to monitor center 103 (Fig. 2) for detection of infringing software.
Continuity message (CM) 212 (Fig. 2) contains information that affects, in a variety of ways, the operation of software entities 111-114 on the subscriber equipment (for example, 104) or of subscriber equipment 104 itself. For example, if monitor center 103 (Fig. 2) detects an invalid label TAG_INST_SWn in label list 210 of subscriber equipment 104, the continuity message that the monitor center returns to subscriber equipment 104 may render subscriber equipment 104 unusable, disabling it either for a specified period or permanently. Optionally, continuity message (CM) 212 may prevent subscriber equipment 104 from using the specific software entity 111-114 associated with the invalid label 120.
The actions taken by subscriber equipment 104 are defined in the action part of continuity message (CM) 212, which is explained in more detail later. Continuity message 212 is also used by monitoring programme (SP) 209 in subscriber equipment 104 to update the information in label list 210. For example, the action time column in label list 210 may be updated with the timestamp of the most recent continuity message (CM) 212, thereby indicating the most recent time at which monitor center 103 (Fig. 2) checked each label TAG_INST_SWn.
Continuing with the process in Fig. 8, after the call-up process of step 273 finishes, step 277 updates label list 210 on subscriber equipment 104 (that is, from continuity message 202), and processing then returns to step 272. Once subscriber equipment 104 determines that no call-up to monitor center 103 (Fig. 2) is needed at this time, processing continues to step 274, which determines the usage state of the specific software entity 111-114 that user 213 requested in step 270.
In step 274, monitoring programme (SP) 209 in subscriber equipment 104 essentially checks the usage status column of the label TAG_INST_SWn in label list 210 associated with the requested software entity 111-114. If the usage status column indicates "continuation", monitoring programme (SP) 209 signals kernel 208 of operating system 207 in step 275 to allow use of the requested software entity 111-114. If the usage status column of the label TAG_INST_SWn in label list 210 associated with the requested software entity 111-114 indicates "GC_DISABLED" or "deletion", monitoring programme (SP) 209 refuses use of software entity 111-114 in step 276.
If use of the requested software entity 111-114 is allowed, monitoring programme (SP) 209 increments by 1 the value in the run count column of the label TAG_INST_SWn associated with the requested software entity 111-114. Monitoring programme (SP) 209 also tracks the amount of time for which the requested software entity 111-114 is used and updates the use time column of this label accordingly.
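The Fig. 8 flow (steps 271 to 277) can be traced with the following added example, which is not code from the patent. The status names `CONTINUE` and `DELETED` (standing for the "continuation" and "deletion" states), the 7-day call-up interval, the maximum-run policy and the `monitor_center` stand-in are assumptions; only labelled entities are modelled, and the authenticity check of the continuity message is left out because this section does not describe it.

```python
from dataclasses import dataclass, field

# GC_DISABLED is the page's name; CONTINUE and DELETED are assumed names for
# the "continuation" and "deletion" usage states.
CONTINUE, GC_DISABLED, DELETED = "CONTINUE", "GC_DISABLED", "DELETED"
MAX_CALLUP_INTERVAL = 7 * 24 * 3600   # assumed CALL-UP_POLICY: 7 days, in seconds


@dataclass
class Entry:                      # one label row of label list 210
    status: str = CONTINUE
    run_count: int = 0
    action_time: float = 0.0


@dataclass
class LabelList:                  # label list 210, reduced to the fields used here
    last_callup_time: float = 0.0                   # LAST_CALLUP_TIME
    last_gc_cm: dict = field(default_factory=dict)  # LAST_GC_CM
    entries: dict = field(default_factory=dict)     # TAG_INST_SW -> Entry


def callup_needed(table: LabelList, now: float) -> bool:
    """Step 272: has too much time passed since the last call-up?"""
    return now - table.last_callup_time > MAX_CALLUP_INTERVAL


def monitor_center(table: LabelList, max_runs: dict, now: float) -> dict:
    """Hypothetical monitor center: build a continuity message from the
    reported run counts and a per-label maximum-run policy."""
    actions = {}
    for tag, entry in table.entries.items():
        limit = max_runs.get(tag)
        if limit is None or entry.run_count >= limit:
            actions[tag] = GC_DISABLED    # unknown label or quota used up
        else:
            actions[tag] = CONTINUE
    return {"time": now, "actions": actions}


def apply_continuity_message(table: LabelList, cm: dict) -> None:
    """Step 277: update the label list from the continuity message."""
    for tag, status in cm["actions"].items():
        table.entries[tag].status = status
        table.entries[tag].action_time = cm["time"]
    table.last_gc_cm = cm
    table.last_callup_time = cm["time"]


def request_use(table: LabelList, tag: str, now: float, max_runs: dict) -> bool:
    """Steps 271-276: return True if the labelled entity may be used."""
    if callup_needed(table, now):                      # step 272
        cm = monitor_center(table, max_runs, now)      # step 273
        apply_continuity_message(table, cm)            # step 277
    entry = table.entries[tag]                         # labelled entities only
    if entry.status != CONTINUE:                       # step 274 -> step 276
        return False
    entry.run_count += 1                               # step 275: use allowed
    return True
```

Because the status only changes when a continuity message arrives, a run limit is enforced at call-up granularity: uses made between two call-ups are counted and reported, but not blocked.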
Fig. 9 illustrates a preferred embodiment of the architecture of monitor center 103 (Fig. 2). Monitor center 103 (Fig. 2) comprises a bus 306 that couples processor 301 to memory 302, interconnection mechanism 303, clock 304 and monitor center authorization database 300. Monitor center 103 (Fig. 2) is preferably a high-performance computer system that processes multiple transactions simultaneously, for example by multiprocessing. Interconnection mechanism 303 is, for example, a modem bank or one or more high-speed network connections that allow monitor center 103 (Fig. 2) to communicate with many subscriber equipments 104 simultaneously over communication network 100.
Monitor center 103 (Fig. 2) authorization database (GCDB) 300 is preferably a large database subsystem, or a disk or RAID array capable of storing massive amounts of information. In this embodiment, the GCDB contains labelled-software database 138 (Fig. 9), which holds data for labelled software entities, and fingerprint data structure 137. Labelled-software database 138 (Fig. 9) contains the call-up records (Fig. 10, 320, 321) for each labelled software entity on each subscriber equipment 104. The contents and use of databases 137 and 138 (Fig. 9) are explained in detail later.
In operation of monitor center 103 (Fig. 2), memory 302 stores verification program (VRP) 315, which works together with processor 301 to perform the monitor center functions described herein. Memory 302 also stores the subscriber equipment's label list 210 and fingerprint table 126, both of which are transmitted to monitor center 103 (Fig. 2) during the call-up described above and used for label verification and usage monitoring decisions.
Fig. 10 depicts the data structures 320, 321 maintained in labelled-software database 138 (Fig. 9) inside monitor center 103 (Fig. 2) for each labelled software entity (for example, 111-114). Tag data structure 320 is first provided to monitor center 103 (Fig. 2) by tag server 102 when label 120 is created for each software entity 111-114. Tag server 102 preferably provides label 120 to monitor center 103 (Fig. 2) electronically and securely over communication network 100. Optionally, the software agent is responsible for ensuring that monitor center 103 (Fig. 2) always knows the label information for each software entity 111-114 distributed to subscriber equipment 104-107.
A tag data structure 320 exists in labelled-software database 138 (Fig. 9) for each software entity used on subscriber equipment 104. As stated, each tag data structure 320 contains a number of fields. These include the label TAG_INST_SW of the software entity concerned, the usage monitoring policy POLICY(TAG_INST_SW) for that software, and a set of references to one or more call-up records CALL-UP_RECORDSn 321 for that software entity.
The policy POLICY(TAG_INST_SW) associated with the label TAG_INST_SWn of a software entity 111-114 is specified by the software agent or another organisation. It defines the criteria and rules for protecting usage rights in, or for limiting access to or charging per use of, the software entity associated with that label. For example, in the tag data structure 320 associated with a designated software entity 111-114, the POLICY(TAG_INST_SW) data may include a rule stating that a specified fee must be paid each time subscriber equipment 104 uses the software entity.
During a call-up (explained later), when monitor center 103 (Fig. 2) receives label list 210 from subscriber equipment 104, the number of times subscriber equipment 104 has used a specific software entity 111-114 can be determined from the run count column of the label TAG_INST_SWn for that software entity in label list 210. Monitor center 103 (Fig. 2) then looks up, in labelled-software database 138 (Fig. 9), the policy POLICY(TAG_INST_SW) in the tag data structure 320 associated with that label TAG_INST_SWn. Monitor center 103 (Fig. 2) determines whether the number of uses indicated by the run count field in label list 210 is greater than the number obtained in the previous call-up. If so, monitor center 103 (Fig. 2) records this information for billing purposes, so that a bill can later be sent to the owner or user 213 of subscriber equipment 104.
Monitor center 103 (Fig. 2) can define other usage monitoring policies POLICY(TAG_INST_SW), for example one that permits a specific software entity 111-114 to be used only a certain number of times. When the number of uses is exceeded, monitor center 103 (Fig. 2) causes the value in the usage status field of the label associated with that software entity, in the subscriber equipment's label list 210, to be set to "GC_DISABLED". This change takes effect on subscriber equipment 104 because monitor center 103 (Fig. 2) specifies the appropriate information in the continuity message that it sends to subscriber equipment 104 after analysing label list 201. When subscriber equipment 104 then attempts to use the software entity 111-114 associated with the disabled label TAG_INST_SWn, use is refused, as explained for Fig. 7.
Each tag data structure 320 in labelled-software database 138 (Fig. 9) inside monitor center 103 (Fig. 2) contains a number of references to call-up records CALL-UP_RECORDn 321, as shown in Fig. 10. A call-up record CALL-UP_RECORDn 321 contains the call-up time CALL-UP_TIME, the header field HEADER_TAG_TABLE of the label list 210 from the calling subscriber equipment 104, an optional hash function value of label list 210, HASH(TAG_TABLE), and an action field. Thus, regardless of the number of labels sent, each call-up has a corresponding CALL-UP_RECORDS.
The CALL-UP_TIME field is the timestamp of the call-up recorded in the current CALL-UP_RECORDn. HEADER_TAG_TABLE holds the header of label list 210, which contains the TAG_INST_SWn associated with this tag data structure 320, as received from the calling subscriber equipment 104 during call-up n. The HASH(TAG_TABLE) field holds an unaliasable hash function value computed over all the data in label list 210, which contains the TAG_INST_SWn associated with tag data structure 320. Finally, the action field lists the actions that the monitor center specified during call-up n to be carried out for the software entity 111-114 associated with the label TAG_INST_SW of this tag data structure 320. Using the tag data structure 320 for each software entity 111-114, monitor center 103 (Fig. 2) maintains detailed records for the usage monitoring mechanism covering the software entities 111-114 used on subscriber equipment 104.
Fig. 11 shows the processing steps that create the fingerprint data structure 137 maintained inside monitor center 103 (Fig. 2). As mentioned and explained earlier with respect to Fig. 7, when unlabelled software, and possibly also labelled software, is used on subscriber equipment 104 for the first time, fingerprints are created and stored in fingerprint table 126 of each subscriber equipment 104. According to the present invention, a software pirate may infringe a legitimate agent's rights by copying the agent's software and removing the part of the software that requests label confirmation, or by making and distributing a derived version of legitimate software. Software produced in this way is called infringing software INF_SW. The fingerprint data structure 137 created in monitor center 103 can contain fingerprints computed on infringing software entities INF_SW.
In Fig. 11, in step 340, software agent 101 detects the existence of an entity of infringing software (INF_SW). In step 341, software agent 101 submits a copy of the infringing software entity INF_SW to monitor center 103 (Fig. 2). The infringing software is simply a string of binary digits (bits) STRING[0...N]. In step 342, the monitor center computes a set of fingerprints Yi on the infringing software entity, using the same fingerprint formula as monitoring programme (SP) 209 on each subscriber equipment 104. That is to say, the series of fingerprints Yi is computed as follows:
Yi=FP(STRING_INF[i,i+k-1])
where 0 <= i <= n-k+1, and n-k is the number of fingerprints to be computed. Then, in step 343, monitor center 103 (Fig. 2) incorporates each computed fingerprint Y1 ... Yn-k+1 into fingerprint data structure 137 in GCDB 300. In an alternative embodiment, fingerprints are computed on non-contiguous sequences of STRING_INF that are unique, or nearly unique, to INF_SW.
Finger prints processing finishes at monitor center 103 (Fig. 2) like this, and infringement software I NF_SW may be abandoned or can be used for other local monitor center 103 (Fig. 2) at this or other communication network 100.
In this, the monitoring programme on subscriber equipment 104 (SP) 209 detects the software entity UNTAGGED_SW111-114 that unmarked (may encroach right) used in request, the fingerprint of monitoring programme (SP) 209 record UNTAGGED_SW. When SP209 carried out calling procedure to monitor center 103 (Fig. 2) Transport label table 210 and label list 126, the fingerprint of the UNTAGGED_SW of record will be sent out afterwards. In an embodiment, the access request of the unlabelled entity of use on subscriber equipment 104-107 may cause the generation of calling. Use general address fingerprint technique, the fingerprint that fingerprint table is 126 li may be compared with the fingerprint of 137 li on finger print data structure on the monitor center 103 (Fig. 2). If to be monitor center 103 (Fig. 2) that recognized and the copy of the infringement software entity INF_SW of fingerprint that have oneself for software entity UNTAGGED_SW, this can be detected and be performed at subscriber equipment 104 via the continuity message 212 punitive action meetings of returning. In other embodiments, the system call behavior of the INF_SW expectation on the system call behavior of the UNTAGGED_SW on the subscriber equipment 104 (namely, the order of system call) and the monitor center 103 (Fig. 2) is compared. In other embodiments, in the end the step of detailed art is applicable to the situation of the use of request marks software on the subscriber equipment too in two paragraphs.
Except fingerprint technique of the present invention aspect, in the middle of the calling procedure of be about to explaining below, the inner proving program 315 of monitor center 103 (Fig. 2) also reads and relatively information and the inner information purpose of label software database 138 (Fig. 9) of 210 li of label lists are to make usage monitoring decision-making.
Figure 12 illustrates the steps that the monitoring program (SP) 209, running on user device 104, performs to carry out a call-up in the preferred embodiment of the invention. The steps in Figure 12 are performed within step 273 of Fig. 8.
In step 370 of Figure 12, the monitoring program (SP) 209 calls up the monitor center 103 (Fig. 2). A call-up means that the monitoring program on user device 104 establishes a connection with the monitor center 103 (figure) over communication network 100 and exchanges messages with it. In the preferred embodiment, the monitoring program (SP) 209 sends HEADER_TAG_TABLE to the monitor center 103 (Fig. 2). Monitor center 103 (Fig. 2) does not comprise the ID_TAG_TABLE of equipment unless can not cause the previous continuity message of call failure, and the time of the last LAST_CALLUP_TIME of calling, the CALLUP_TIME with the last CALL_UP record with identical HEADER_TAG_TABLE equated. The advantage of this embodiment is that even if several devices 104-107 have the same ID_TAG_TABLE (row 1 of label list 210 in Fig. 6) and the same label list 210 (usually as a result of piracy), those identical devices may receive the same continuity message 212 but, for reasons explained below, will not properly accept it, so only one device (that is, one of 104-107) will send a particular HEADER_TAG_TABLE.
A call-up made in response to a user's attempt to use a software entity 111-114 on a device 104-107 is generated, as described above, in accordance with CALL-UP_POLICY or CALL-UP_POLICY (TAG_INST_SW). That is, when user 213 attempts to use a software entity 111-114 and the time allowed before the next call-up under the CALL-UP_POLICY (TAG_INST_SW) of the user device 104 or of that software (SW) entity has expired, the monitoring program 209 on that device 104-107 initiates step 370. In another embodiment, SP 209 performs the call-up at a time it selects before the expiry, whether or not use of a software entity 111-114 has been requested. CALL-UP_POLICY can be maintained in the monitoring program 209 on the user device 104. In addition, a call-up may occur because a part of the monitoring program 209 determines that it is time to call up, regardless of any usage request. For example, a call-up may occur because a certain number of BOOTUPS (power-ups) of the user device 104-107 has occurred, or on the first use of untagged software.
If the call-up to the monitor center 103 (Fig. 2) fails in step 371, processing continues with step 376, where the monitoring program (SP) 209 on user device 104 may carry out punitive action. In the preferred embodiment, the monitoring program (SP) 209 makes a new call-up, retrying several times, before beginning punitive action. Where punitive action is required in step 376, it may consist only of notifying user 213 that the requested software entity 111-114 is temporarily inaccessible because of a communication failure.
If the call-up succeeds and a connection is established from user device 104 to the monitor center 103 (Fig. 2), then in step 372 the monitoring program (SP) 209 sends or transmits the label list 210, preferably securely, from user device 104 to the monitor center 103 (Fig. 2). In an alternative embodiment, the monitoring program (SP) 209 also sends the fingerprint table 126 to the monitor center 103 (Fig. 2). That is, the fingerprinting aspect of the invention, which detects infringing software made or modified by a user, may or may not be incorporated in a given embodiment.
After step 372 completes, the monitoring program (SP) 209 enters a wait state until the monitor center 103 (Fig. 2) sends a continuity message and the message is received. Alternatively, the monitoring program (SP) 209 may go to sleep after step 372 and resume after an interrupt from operating system (OS) 207. In an alternative embodiment, the monitoring program (SP) 209 continues to process requests from the user. Call-up processing at the monitor center 103 (Fig. 2) is explained later with reference to Figures 13A and 13B. When the monitor center 103 (Fig. 2) has finished its call-up processing, a continuity message (CM) 212 is sent to user device 104.
In step 373, the monitoring program (SP) 209 checks that the return of continuity message 212 complies with the call-up policy CALL-UP_POLICY of user device 104. As an example of a CALL-UP_POLICY check on continuity message 212, step 373 can ensure that only a certain amount of time has passed before continuity message (CM) 212 is received. If too much time passes before continuity message 212 is received, the call-up policy may be violated.
Other factors can also be used to decide whether the call-up is invalid, such as a digital signature in continuity message 212 that fails verification. Another factor is that the HASH (EVENT_HISTORY) field in continuity message 212 differs from the hash HASH (EVENT_HISTORY_AS_OF_MOST_RECENT_CALLUP) of the event history as of the most recent call-up, recorded in user device 104. This may happen under piracy, when two devices 104-107 have the same configuration and ID_TAG_TABLE but only one of them has performed the call-up. Because of the event history, only one of the devices 104-107 can accept the continuity message 212. The other device can only perform its own call-up, which then fails because, although its HEADER_TAG_TABLE (row 1 of table 210 in Fig. 6) can match on ID_TAG_TABLE, it cannot match the call-up time explained above.
If the CALL-UP_POLICY is violated in step 373, processing continues with step 376 and punitive action is carried out on user device 104. In this case, punitive action may include notifying user 213 that the call-up cannot continue and that access to the requested software entity 111-114 must be temporarily suspended or prohibited. Alternatively, user device 104 may be disabled for a period of time.
If step 273 determines that continuity message (CM) 212 has been received and is acceptable within the limits defined by CALL-UP_POLICY, then in step 374 continuity message (CM) 212 is delivered to the monitoring program (SP) 209. Next, in step 375, the monitoring program (SP) 209 verifies continuity message (CM) 212 by digital signature techniques and carries out the actions in continuity message (CM) 212 for each TAG_INST_SWn in label list 210 of user device 104. That is, the monitoring program (SP) 209 updates the usage status and action time columns for each TAG_INST_SWn in label list 210. In this way, system 109 of the invention allows user devices 104 to obtain updates to label list 210 from the monitor center 103 (Fig. 2) periodically.
Because the monitoring program (SP) 209 acts as the interface between user 213 and the software entities 111-114 installed on user device 104, the monitoring program 209 preferably implements the usage monitoring mechanism described here on user device 104. By requiring the label TAG_INST_SWn of a software entity 111-114 to be in the "CONTINUED" usage state, a state that can be changed only during call-up processing, the monitoring program (SP) 209 is ultimately governed by one or more monitor centers 103 (Fig. 2). The monitor center 103 (Fig. 2) is responsible for deciding, according to the rules defined for each label and fingerprint, whether the labels in label list 210 of user device 104 should be in the "CONTINUED" or the "GC_DISABLED" state.
Figures 13A and 13B show one continuous flow chart of the steps that the verification program (VRP) 315 inside the monitor center 103 (Fig. 2) performs during call-up processing, according to the preferred embodiment of the invention. The monitor center 103 (Fig. 2) recognises that a call-up has begun when user device 104 (that is, monitoring program 209) initiates an initial call-up connection to, or contacts, the monitor center 103 (Fig. 2) in step 370 of Figure 12. In response, in step 410 of Figure 13A, the monitor center 103 (Fig. 2) receives label list 210. If software is installed on user device 104 but is not tagged with a label TAG_INST_SWn in label list 210, the monitor center 103 (Fig. 2) also receives the fingerprint table 126 from user device 104. Again, the fingerprinting aspects of the invention are optional, and are provided in the preferred embodiment because they allow infringing software to be detected.
In an alternative embodiment, the monitor center 103 (Fig. 2) may receive only part of label list 210, for example the HEADER_TAG_TABLE of label list 210 and some of the labels (row 1). The labels 120 received may be those that the monitor center 103 (Fig. 2) requests, may be selected at random, or may be only the labels 120 of software entities that need to be used on the user device at that time. Another possibility is that the labels 120 correspond to software entities that are charged per use or have a fixed number of permitted uses. The advantage of this option is that it reduces communication and processing costs.
In another alternative embodiment, the monitor center 103 (Fig. 2) receives only HEADER_TAG_TABLE (the first row of label list 210 in Fig. 6). This embodiment reduces the call-up cost for the monitor center and, as explained below, works well when each TAG_INST_SW contains the ID_TAG_TABLE field.
Returning now to the call-up processing of Figure 13A: in step 141, the monitor center 103 (Fig. 2) checks that the call-up complies with the call-up policy CALL-UP_POLICY associated with user device 104. The CALL-UP_POLICY for user devices 104-107 is preferably maintained inside the monitor center 103 (Fig. 2), and/or is sometimes supplied by software vendor 101 or by the user device manufacturer (not shown), to tell the monitor center 103 (Fig. 2) how to determine how often user device 104 must call up to verify and update its label list 210.
Step 411 may be performed using, for example, HEADER_TAG_TABLE information fields such as the unique identifier of label list 210 contained in the ID_TAG_TABLE field. If the call-up is inconsistent with CALL-UP_POLICY, step 416 prepares a specified punitive action to be carried out by the monitoring program (SP) 209 when the monitor center 103 (Fig. 2) returns continuity message (CM) 212 to user device 104.
Processing continues from steps 416 and 411 to step 412, where verification program 315 verifies the signed and/or unsigned labels TAG_INST_SWn in label list 210. The verification performed in step 412 may be digital signature verification of the signed labels TAG_INST_SW in label list 210. For unsigned labels, the HASH_INST_SW value may be used to check that the secret number NUM_INST_SW in the label TAG_INST_SW is consistent with that label's HASH_INST_SW. This is possible because HASH_INST_SW is in part a hash function value computed from NUM_INST_SW. In addition, NUM_INST_SW must appear in SPARSE_SET and must be associated with the NAME_SW of TAG_INST_SW.
For each TAG_INST_SWn that fails verification in step 412, step 417 prepares a specified punitive action based on the usage monitoring policy POLICY (TAG_INST_SW) associated with the software entity 111-114 of that unverified label TAG_INST_SWn. Punitive action in this case includes an instruction to disable user device 104. Note that the punitive action specified in step 417 is carried out after it has been sent to user device 104.
The usage monitoring policy POLICY (TAG_INST_SW) associated with a software entity 111-114 is maintained at the monitor center 103 (Fig. 2), and is sometimes supplied by software vendor 101 to tell the monitor center 103 (Fig. 2) how to handle usage monitoring of the various software entities 111-114 that the vendor produces. That is, software vendor 101 can provide software entities 111-114 to devices 104-107 (for example, for a fee). To enforce usage restrictions on those entities 111-114, software vendor 101 can create policies POLICY (TAG_INST_SW) for the entities 111-114 and supply them to the monitor center 103 (Fig. 2). During call-up, the monitor center enforces or supervises the policy CALL_POLICY (TAG_INST_SW). In an alternative embodiment, assuming 111 and 112 have the same software content SW, the policy for one software entity (that is, 111) may differ from that of another entity (that is, 112) of the same software. This lets the invention enforce, for example, different usage monitoring for two users of the same program, because each entity has its own associated label and call-up policies are maintained on an entity-by-entity or user-by-user basis.
In either case, at the monitor center 103 (Fig. 2), after the authenticity of each label TAG_INST_SW in label list 210 has been verified (step 412), or after punitive action has been prepared for each unverified label (step 417), processing continues with step 413, where each verified label TAG_INST_SWn in label list 210 is checked against the tagged software database. In essence, step 413 checks that the use of each label TAG_INST_SWn in label list 210 (that is, on the user device performing the call-up), associated with a software entity 111-114 used on user device 104, complies with that software entity's usage monitoring policy POLICY (TAG_INST_SW). After each label has been tested in step 413, processing continues with step 414.
The check in step 413 can be implemented in many ways. In one embodiment, the tagged software database 138 (Fig. 9) contains a set of associations between labels TAG_INST_SWn and monitoring program identifiers (209-A), together with the number of times each association has been found. In this embodiment, verification program (VRP) 315 compares the labels in label list 210 against the list of TAG_INST_SW-HEADER_TAG_TABLE-CALLUP_TIME associations to determine whether the same label 120 (row 1 of table 210) is present on two devices 104-107. If a label 120 is found to be associated with several HEADER_TAG_TABLES, punitive action is prepared in step 418.
In a preferred embodiment of the invention, the monitor center's verification program VRP 315 uses the data structures associated with a label 120 TAG_INST_SW (Figure 10, 320, 321) to check whether use of the software entity 111-114 associated with label 120 on the calling user device 104 complies with the usage monitoring policy POLICY (TAG_INST_SW) specified for that software entity 111-114. For example, if the usage monitoring policy specifies that the same software entity (that is, the same label) must not be present on two different user devices (for example, 104 and 105) in a usable state (for example, USAGE STATUS=CONTINUED) at the same time, the detailed data in the label's call records 321 lets VRP 315 check whether the policy has been breached.
After each label 120 TAG_INST_SWn in label list 210 has been checked in step 413, a label 120 in label list 210 may or may not have a specified punitive action associated with it. If punitive action has been specified because a label is an improperly copied label or does not comply with the usage monitoring policy, processing continues with step 420. In this step, the verification program VRP 315 in the monitor center 103 (Fig. 2) prepares the specified punitive action and sends it to user device 104 in a continuity message CM 212. Such a continuity message CM 212 is used to carry out punitive action on user device 104, and contains the action value "GC_DISABLED" for the USAGE STATUS field of every label TAG_INST_SWn in label list 210 that violates the policy POLICY (TAG_INST_SW).
Note that in this preferred embodiment, if at least one label TAG_INST_SW violates the usage monitoring policy POLICY (TAG_INST_SW), or is found in the list of compromised labels in the tagged software database 138 (Fig. 9), punitive action is specified for it in step 418 and carried out in step 420, with no further processing. In an alternative embodiment, punitive action for each compromised or policy-violating label TAG_INST_SW is specified in step 418, after which processing may proceed to step 414.
As an alternative way of processing tagged software, the label processing described above is performed on only part of the label list. For example, processing is performed only on the labels for which a user device 104-107 (that is, the monitoring program 209 on the user device) requests access (that is, for the software entity whose use is attempted). In this case, continuity message CM 212 specifies continuation or punitive actions only for the software entities whose labels the monitor center 103 (Fig. 2) processed.
In another alternative embodiment, no label processing is needed for software purchased for unrestricted use, which eliminates the activity associated with step 372 (Figure 12). Only HEADER_TAG_TABLE then needs to be verified. In this case, HEADER_TAG_TABLE (top row of Fig. 6) contains ID_TAG_TABLE and the event history (Fig. 6). In this embodiment, each label 120 contains ID_TAG_TABLE in addition to HASH_SW, NAME_SW and NUM_INST_SW. The ID_TAG_TABLE value is written into label 120 (first row) when the software is purchased, and is a parameter of the hash function that yields HASH_INST_SW in step 153 of Figs. 3A, 3B and 3C. ID_TAG_TABLE contains ID (SP) 209-A, and ID (SP) 209-A is based on a non-repeating value, for example the time, to the microsecond, at which device 104 was first powered on. In the absence of piracy, each ID_TAG_TABLE value should therefore appear on only one physical device.
Piracy by copying a disk image can cause one ID_TAG_TABLE value to appear on several physical devices ("twins"), but at call-up time the LAST_CALLUP_TIME in the HEADER_TAG_TABLE of device 104 will then fail to match the CALLUP_TIME of the CALLUP_RECORD in the verification database 138 (Fig. 9) at the monitor center 103 (Fig. 2). Verification of HEADER_TAG_TABLE therefore fails. If two call-ups are sent from two identically configured devices 104-107, the monitor center 103 takes punitive action.
In addition, no two of the devices 104-107 can share the same call-up, because their HEADER_TAG_TABLEs differ in the HASH (EVENT_HISTORY) field of their respective label lists 210. The hash function value is sent in continuity message CM 212, so only one of the devices 104-107 can correctly carry out continuity message CM 212. In this case, if two devices repeat the operation, monitoring program 209 recognises the copy and takes punitive action. Each ID_TAG_TABLE value is therefore on, or associated with, exactly one of the devices 104-107; otherwise the call-up fails. When a label contains ID_TAG_TABLE, the monitoring program 209 on a device 104-107 allows use of the software entity 111-114 associated with label 120 only when the ID_TAG_TABLE value of that label 120 matches that of the device. As a result, each software entity 111-114 is used by only one of the devices 104-107, namely the one whose ID_TAG_TABLE value matches the ID_TAG_TABLE value in label 120.
In step 414, verification program VRP 315 determines whether label list 210 contains entries for untagged software entities. An untagged software entity installed on a user device 104-107 has a row UNTAGGED_SW created for it in label list 210, with USAGE STATUS set to UNTAGGED. This UNTAGGED_SW entry is preferably created when the user first installs or first uses the software, and the fingerprinting process is preferably performed when user device 104 first detects the untagged software; see Fig. 7 for details.
In Figure 13A, if verification program VRP 315 detects an untagged entry in label list 210 in step 414, step 415 is executed. This step obtains the fingerprint lists from fingerprint table 126, which was sent to monitor center 103 in step 410. Fingerprint table 126 contains a fingerprint list for each untagged software entity. Using the general address fingerprint check explained above, verification program VRP 315 compares each fingerprint list Yi of the fingerprint data structure 137 in GCDB 300 with each fingerprint list Xi of fingerprint table 126. If more than a specified number of matches is found between fingerprint lists Xi and Yi, the monitor center has detected use of infringing software, and processing continues with step 420. In this step punitive action is prepared and sent to the calling user device 104. The vendor 101 of the infringed version from which the infringing software was made is also notified.
Comparing every fingerprint list Xi with every fingerprint list at the monitor center is computationally heavy, and because it is the most expensive operation of a call-up, one embodiment handles this work as follows. In this embodiment, a fingerprint list called the reverse monitoring fingerprint table is built that contains the fingerprints of all infringing software, with no duplicate fingerprints. Using this reverse monitoring fingerprint table, monitor center 103 checks each list Xi to determine how many fingerprints in that list match the reverse monitoring fingerprint table (held in fingerprint data structure 137). If the number of matches found exceeds a specified number, Xi is checked in detail against the Yi to determine whether the number of matching fingerprints is close enough. If step 415 detects no fingerprint match, step 419 is executed to determine whether punitive action was defined in the earlier steps 411 and 412. If so, step 420, described above, is executed.
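The fingerprint formula Yi=FP(STRING_INF[i,i+k-1]) and the two-stage comparison described above (a cheap lookup in the reverse monitoring fingerprint table, then a detailed comparison of Xi against the candidate Yi) can be sketched as follows. This is an added illustration, not code from the patent: the window length, both thresholds, the truncated SHA-256 used for FP, and all sample byte strings are assumptions constructed for the example.

```python
from __future__ import annotations

import hashlib

K = 16            # window length k in bytes (assumed; the page leaves k open)
COARSE_MIN = 50   # assumed threshold for the reverse-table pre-check
DETAIL_MIN = 200  # assumed threshold for the detailed Xi-versus-Yi comparison


def fp(window: bytes) -> bytes:
    """FP(): stand-in fingerprint function, a truncated SHA-256 (assumption)."""
    return hashlib.sha256(window).digest()[:8]


def fingerprints(data: bytes, k: int = K) -> set[bytes]:
    """FP(data[i : i + k]) for every window start i that fits in the data.

    Because every offset is fingerprinted, a copy still matches after bytes
    are inserted or removed elsewhere in the file.
    """
    return {fp(data[i:i + k]) for i in range(len(data) - k + 1)}


def build_reverse_table(known: dict[str, set[bytes]]) -> dict[bytes, set[str]]:
    """Reverse monitoring fingerprint table: each fingerprint appears once and
    maps to the infringing entities whose list Yi contains it."""
    table: dict[bytes, set[str]] = {}
    for name, fps in known.items():
        for f in fps:
            table.setdefault(f, set()).add(name)
    return table


def match_untagged(x: set[bytes], known: dict[str, set[bytes]],
                   table: dict[bytes, set[str]],
                   coarse_min: int = COARSE_MIN,
                   detail_min: int = DETAIL_MIN) -> list[str]:
    """Return the names of known infringing entities that list Xi matches."""
    # Stage 1: one dictionary lookup per fingerprint in Xi.
    hits = [f for f in x if f in table]
    if len(hits) < coarse_min:
        return []
    # Stage 2: detailed comparison, only against entities that produced a hit.
    candidates: set[str] = set()
    for f in hits:
        candidates |= table[f]
    return sorted(n for n in candidates if len(x & known[n]) >= detail_min)


def constructed_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic filler standing in for a program image (constructed data)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


# Constructed sample data: two known infringing images held by the center.
INF_SW = constructed_bytes(b"inf-a", 2048)
KNOWN = {
    "INF_SW_A": fingerprints(INF_SW),
    "INF_SW_B": fingerprints(constructed_bytes(b"inf-b", 2048)),
}
REVERSE_TABLE = build_reverse_table(KNOWN)

# Untagged software seen on a device: a derived copy of INF_SW with a new
# header and a 64-byte region cut out, and an unrelated program.
DERIVED = b"PATCHED-HDR" + INF_SW[:1000] + INF_SW[1064:]
UNRELATED = constructed_bytes(b"other", 2048)

if __name__ == "__main__":
    print(match_untagged(fingerprints(DERIVED), KNOWN, REVERSE_TABLE))
    print(match_untagged(fingerprints(UNRELATED), KNOWN, REVERSE_TABLE))
```

The detailed stage runs only against entities that already produced a hit in the reverse table, so an unrelated program costs one lookup per fingerprint and no list-to-list comparison.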
If no punitive action was defined in step 419, step 421 is executed. This step processes all labels TAG_INST_SWn that the monitor center regards as pay-per-use. In other words, monitor center 103 can maintain, in the tagged software database 138 (Fig. 9), a list of all software entities 111-114 designated as charged on a per-use basis. Step 421 checks label list 210 for these labels (first row). When one or more pay-per-use labels are found, step 421 causes the monitor center to send descriptive information (performance) about the pay-per-use entity 111-114 to software vendor 101. The RUN COUNT or USE TIME field of the label entry in label list 210 can be used to determine the pay-per-use data. If a pay-per-use label has expired, the USAGE_STATUS field of that software entity's label TAG_INST_SWn in label list 210 is set to "GC_DISABLED". This can be done with a disable action (DISABLE ACTION) DISABLE (TAG_INST_SW) for that label. The disable action can be combined into continuity message 212 and carried out quickly.
After pay-per-use processing in step 421 is complete, step 422 creates a continuation action CONTINUE (TAG_INST_SW) for each label TAG_INST_SW in label list 210 that is fully verified and unexpired. This continuation action is combined into continuity message (CM) 212.
In step 423, verification program 315 prepares a continuity message CM 212 to return to user device 104. The message contains several fields. The TIME field is taken from clock 304 and indicates the current time. The ID_TAG_TABLE field indicates the unique identification information of the label list 210 originally delivered to monitor center 103 in step 410 of the call-up, and the message also carries the encoding of the event history produced at call-up, HASH (EVENT_HISTORY). The ACTIONS field contains a series of actions ACTIONS=(ACTION1, ACTION2, ..., ACTIONN), chosen from the set of actions available to the monitoring program SP 209 of a particular user device 104. A hash function value computed on the actions, HASH (ACTIONS), is also included. Finally, continuity message 212 contains a digital signature value over the full contents, to ensure that continuity message 212 cannot be forged in the name of monitor center 103 by a site or host on network 100. The signature value is produced as follows:
SIGN_GC(TIME,ID_TAG_TABLE,HASH(ACTIONS), HASH(EVENT_HISTORY))
Once all fields of continuity message CM 212 are complete, verification program 315 securely sends or transmits continuity message CM 212 to the monitoring program SP 209 of the user device 104 that initiated the call-up in step 410. In one embodiment, the call-up may use a public key provided by the device. If piracy produces two devices with the same key, then according to embodiments of the invention only the one device with the correct event history can continue with continuity message CM 212.
Finally, in step 425, monitor center 103 creates a call record CALL-UP_RECORDn for the call-up. Monitor center 103 appends a reference to call record CALL-UP_RECORDn to the tag data structure 320 (Figure 10) associated with this TAG_INST_SW. The reference is a memory pointer or the unique identifier of the CALL-UP_RECORD. The contents of the call record are described in the discussion of Figure 10 above.
An example of the effectiveness of the invention follows, highlighting some of its features. Suppose a user 213 has bought the right to use a software entity 111-114 for one year, and after the year expires user 213 does not renew that right. Because user 213 has not renewed, software vendor 101 decides to disable the software entity 111-114 that user 213 no longer holds the right to use. Using the invention, vendor 101 can simply set the policy POLICY (TAG_INST_SW) at the monitor center 103 associated with software entity 111-114 so that the entity is disabled at the next call-up to the monitor center from the user device 104 on which entity 111-114 is installed. In this way, dynamic usage monitoring does not require user 213 to return the software entity 111-114. If user 213 later regains the right to use, vendor 101 need only change the policy POLICY (TAG_INST_SW) at monitor center 103, and the next call-up will update label list 210 on user device 104 with the "CONTINUED" status for the label TAG_INST_SW of that software entity.
The various components of continuity message CM 212 are prepared by the monitor center GC 103. The digital signature incorporated into CM 212 as described above serves several purposes in embodiments of the invention. Continuity message CM 212 tells the monitoring program 209 of the receiving user device 104 how to update the USAGE STATUS column in the device's label list and which punitive actions (if any) to carry out. The hash function values and other values in CM 212 (Figure 13B, 423) make it practically impossible for a dishonest user 213 to complete a required call-up using any continuity message CM 212 other than the one produced by monitor center 103 in response to the current call-up from the user device (that is, 104-107). Nor can an adversary agent or host deny service to user device 104 by, for example, sending an invalid CM 212 to device 104.
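The device-side acceptance checks on a continuity message (timeliness under CALL-UP_POLICY, the signature over TIME, ID_TAG_TABLE, HASH(ACTIONS) and HASH(EVENT_HISTORY), and the event-history comparison that lets only one of two "twin" devices accept a given message) can be sketched as follows. This is an added illustration, not code from the patent: HMAC-SHA256 with a demo key stands in for the digital signature SIGN_GC, and the JSON encoding, class and function names, and sample values are assumptions.

```python
import hashlib
import hmac
import json

# Stand-in for the monitor center's signing key. The page specifies a digital
# signature (SIGN_GC); HMAC-SHA256 is swapped in so the example needs only the
# standard library. A real device would verify with the center's public key.
GC_KEY = b"constructed-demo-key"


def digest(value) -> str:
    """Hash of a JSON-serialisable value (the encoding is an assumption)."""
    return hashlib.sha256(json.dumps(value, sort_keys=True).encode()).hexdigest()


def sign_gc(time, id_tag_table, hash_actions, hash_event_history) -> str:
    """SIGN_GC(TIME, ID_TAG_TABLE, HASH(ACTIONS), HASH(EVENT_HISTORY))."""
    payload = json.dumps([time, id_tag_table, hash_actions, hash_event_history])
    return hmac.new(GC_KEY, payload.encode(), hashlib.sha256).hexdigest()


def make_cm(time, header, actions) -> dict:
    """Monitor center side: build the continuity message for one call-up."""
    cm = {"TIME": time, "ID_TAG_TABLE": header["ID_TAG_TABLE"],
          "ACTIONS": actions, "HASH_ACTIONS": digest(actions),
          "HASH_EVENT_HISTORY": header["HASH_EVENT_HISTORY"]}
    cm["SIGNATURE"] = sign_gc(cm["TIME"], cm["ID_TAG_TABLE"],
                              cm["HASH_ACTIONS"], cm["HASH_EVENT_HISTORY"])
    return cm


class Device:
    """Monitoring-program state on one user device (hypothetical model)."""

    def __init__(self, id_tag_table, usage_status, event_history):
        self.id_tag_table = id_tag_table
        self.usage_status = dict(usage_status)   # label -> USAGE STATUS
        self.event_history = list(event_history)
        self.pending = None                      # set while a call-up is open

    def call_up(self, now) -> dict:
        """Start a call-up and remember the event-history hash as of this call."""
        self.pending = {"sent_at": now, "hash": digest(self.event_history)}
        return {"ID_TAG_TABLE": self.id_tag_table,
                "HASH_EVENT_HISTORY": self.pending["hash"]}

    def accept(self, cm, now, max_wait) -> str:
        """Apply the message's actions only if every check passes."""
        if self.pending is None:
            return "no call-up outstanding"
        if now - self.pending["sent_at"] > max_wait:
            return "late"
        expected = sign_gc(cm["TIME"], cm["ID_TAG_TABLE"],
                           cm["HASH_ACTIONS"], cm["HASH_EVENT_HISTORY"])
        if not hmac.compare_digest(expected, cm["SIGNATURE"]):
            return "bad signature"
        if digest(cm["ACTIONS"]) != cm["HASH_ACTIONS"]:
            return "actions altered"
        if cm["ID_TAG_TABLE"] != self.id_tag_table:
            return "wrong label list"
        if cm["HASH_EVENT_HISTORY"] != self.pending["hash"]:
            return "event history mismatch"
        for verb, label in cm["ACTIONS"]:
            self.usage_status[label] = ("CONTINUED" if verb == "CONTINUE"
                                        else "GC_DISABLED")
        self.pending = None
        return "accepted"


def twin_demo():
    """Two devices cloned from one disk image; only device A performs the call-up
    that the message answers. All values below are constructed."""
    labels = {"TAG_A": "CONTINUED", "TAG_B": "CONTINUED"}
    a = Device("ID-1", labels, ["boot", "run TAG_A"])
    b = Device("ID-1", labels, ["boot", "run TAG_A", "run TAG_B"])  # diverged
    header_a = a.call_up(now=100)
    b.call_up(now=101)
    cm = make_cm(105, header_a, [["CONTINUE", "TAG_A"], ["DISABLE", "TAG_B"]])
    return a.accept(cm, 110, 30), b.accept(cm, 110, 30), a.usage_status, b.usage_status


if __name__ == "__main__":
    print(twin_demo())
```

The signature covers HASH(ACTIONS) rather than the action list itself, so the device recomputes the hash of ACTIONS separately; skipping that step would let a modified action list ride on a valid signature.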
Mention as above-described preferred embodiment, the invention provides a detection, control, with the mechanism of monitoring software entity usage, these software entitys, be created and distribute away from software vendors 101, by pirate and illegally sell away, and attempt to access from subscriber equipment 104. By provide each software entity 111-114 of unique identification be difficult for forgeing, believable label TAG_INST_SW, the usage monitoring just is achieved. In preferred embodiments, the identical address fingerprint technique is to verify whether TAG_INST_SW is correctly relevant with software entity INST_SW.
Fingerprint technique also can be used in the slightly different purposes. One of them purposes is exactly the integrality that checks the text of operating system 207. This can be by the fingerprint technique process of crossing with prerequisite, the another part that comes audit program with a part or another program of a program. Do like this to stop and damage monitoring programme 209 or operating system 207. In another embodiment, the hardware device of an outside can be carried out when machine or equipment 104-107 power up such as the electronic programmable read-only memory and check. In both cases, audit program all calculates the Hash fingerprint of mentioning on the part of operating system program 207. For example, find that when it unmatched fingerprint is arranged, equipment is quit work. Fingerprint technique can also be operated the text that system 207 is used for checking monitoring programme 209. Conversely, the Hash of monitoring programme 209 available event history is done checking and authenticity examination.
This works as follows: monitoring program 209 can use an incremental hash function method such as MD5 to update the hash of label list 210 after each update. Before each routine update of label list 210 with a new event, monitoring program 209 verifies that the hash function value it computes equals the hash held in the label list. If the check finds them unequal, monitoring program 209 or operating system 207 takes punitive action. In this way, aspects of the invention let the equipment detect software tampering on its own.
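The check-then-update discipline described above, as an added Python example that is not part of the patent text. It uses SHA-256 in place of the MD5 the text names, and the class name, event fields and status values are constructed for illustration.

```python
import hashlib
import json

# Constructed starting value for the running digest (not from the patent).
GENESIS = hashlib.sha256(b"label-list-210").hexdigest()


class LabelListTampered(Exception):
    """The stored digest no longer matches the event history."""


class LabelList:
    """Event history of label list 210 plus a running hash kept with it."""

    def __init__(self):
        self.events = []       # one dict per update, oldest first
        self.digest = GENESIS  # hash "in the label list"

    @staticmethod
    def _extend(digest, event):
        # Incremental step: the new digest covers the previous digest and the
        # new event, so an update costs one hash call whatever the list size.
        payload = json.dumps(event, sort_keys=True).encode()
        return hashlib.sha256(bytes.fromhex(digest) + payload).hexdigest()

    def recompute(self):
        """Rebuild the digest from the event history alone."""
        digest = GENESIS
        for event in self.events:
            digest = self._extend(digest, event)
        return digest

    def verify(self):
        return self.recompute() == self.digest

    def record(self, label, usage_status, timestamp):
        """Verify first, then append the event and advance the digest."""
        if not self.verify():
            # The text leaves the response to the monitoring program or the
            # operating system; this example only signals the mismatch.
            raise LabelListTampered("label list digest mismatch")
        event = {"label": label, "usage_status": usage_status, "time": timestamp}
        self.events.append(event)
        self.digest = self._extend(self.digest, event)
        return self.digest


def demo():
    """Two honest updates, one out-of-band edit, then a refused update."""
    table = LabelList()
    table.record("TAG-A", "DISABLED", 1000)   # constructed sample events
    table.record("TAG-B", "CONTINUED", 1060)
    intact_before = table.verify()

    # Someone edits a row without going through record().
    table.events[0]["usage_status"] = "CONTINUED"

    try:
        table.record("TAG-C", "CONTINUED", 1120)
        refused = False
    except LabelListTampered:
        refused = True
    return intact_before, table.verify(), refused, len(table.events)


if __name__ == "__main__":
    print(demo())
```

The digest only helps if it is kept where ordinary software cannot rewrite it alongside the rows.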
Fingerprinting can further be used to verify that software for which a particular vendor requests labels 120 for software entities 111-114 from tag server 102 is not an illegal copy of, or copied from, a legitimate vendor's software SW. If that were possible, a pirate vendor could sell another legitimate vendor's software SW while the tag server involved produced authentic labels 120 for it. By using software fingerprinting and general-address fingerprinting to compare newly developed software against existing software, and so checking whether a vendor's newly submitted software is similar to a legitimate vendor's software SW, the invention can prevent this form of piracy.
The label of a software entity 111-114 can be checked when the entity is installed or first used. The label can also be checked afterwards (for example by hash function, characteristic pattern, or calling procedure). The reason for allowing the check after first use is that the software may be very large, and checking after first use costs less system overhead than checking at first installation.
After a failure, the equipment has to restore its previous state. In that case, user 213 must contact monitor center 103 to tell it that the original HEADER_TAG_TABLE needs to be transmitted. Suspicious use of this privilege can easily be tracked by monitor center 103.
Figure 14 shows the data structure used by an alternative embodiment of the invention, one that removes the need for monitor center calls for software that produces shared data files. A word processor is one example. Acquaintances often exchange word-processing files and word-processing programs with one another. Typically the former is permitted, but exchanging the application software is not. To prevent such piracy, one embodiment of the invention changes the software application so that it writes the TAG_INST_SW 120 associated with that program, together with the ID_TAG_TABLE and the time of last access, into a hidden location of each shared file, as shown in data structure 600 in Figure 14. The program can also write TAG_INST_SW and the time of last access into TAG_TABLE 601, also shown in that figure.
Data structure 600 is stored in a hidden location (that is, one not visible to the user) of a shared software data file (for example a text document, referred to here as SSD). It can be placed in a comment field of the shared software data SSD file, together with a hash function value (preferably over three arguments: TAG_INST_SW, ID_TAG_TABLE, and the time of last access 600).
Figure 15 lists the steps of the embodiment described above and documents the software piracy protection mechanism. In step 700 of Figure 15, monitoring program SP 209 on a first subscriber equipment (for example subscriber equipment 104) that has ID_TAG_TABLE X detects that shared software data SSD is about to be accessed. Monitoring program 209 checks the shared software data SSD, and a record is written at a predetermined location in SSD that SSD was accessed at a specific time by the software entity (for example one of 111-114) holding TAG_INST_SW T. Then, in step 701, when a software entity (possibly on another machine or another subscriber equipment, for example 105) attempts to execute or access the shared software data file SSD, monitoring program 209 on subscriber equipment 105 detects the presence of data structure 600 in SSD, obtains label T from SSD, and checks label list 210 on subscriber equipment 105 (the equipment that obtained the shared file, not necessarily the equipment on which file SSD was created) to see whether label T is in label list 210. If it is not, the software entity used on the second equipment 105 (the equipment that obtained the shared data) to access SSD was not copied, and access is therefore allowed to continue at step 703.
Otherwise, if in step 701 label T, as stored in data structure 600 within the shared software data SSD, is indeed found, step 702 is executed. In step 702, monitoring program 209 on the second equipment 105 checks whether the software entity associated with label T (for example, one of entities 111-114 on the second equipment 105) wrote the shared software data file at the time specified in data structure 600 embedded in SSD. If not, piracy has occurred, and monitoring program 209 carries out punitive action on the second subscriber equipment in step 704. If step 702 determines that the current software entity 111-114 on the second equipment 105 did access the shared software data SSD in accordance with the information specified in data structure 600 embedded in SSD, step 703 is executed, in which access to the shared software data is allowed. Note that this embodiment is very advantageous: it needs no monitor center calls, whether when software entities 111-114 are purchased or installed, or for detecting infringing software.
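Steps 700 to 704 of Figure 15 as an added Python example, not code from the patent. The per-device write log, the length-prefixed SHA-256 over the three arguments, and the treatment of a record whose hash does not match as a failed check are assumptions made so the flow can run end to end.

```python
import hashlib
from dataclasses import dataclass

ALLOW, PUNISH = "allow", "punitive_action"


def record_hash(label, table_id, last_access):
    """Hash over TAG_INST_SW, ID_TAG_TABLE and the time of last access."""
    h = hashlib.sha256()
    for field in (label, table_id, str(last_access)):
        data = field.encode()
        # Length prefix keeps ("ab", "c") distinct from ("a", "bc").
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


@dataclass(frozen=True)
class AccessRecord:
    """Data structure 600, as embedded in the hidden field of the SSD file."""
    label: str        # TAG_INST_SW
    table_id: str     # ID_TAG_TABLE
    last_access: int  # time of last access
    digest: str

    @classmethod
    def create(cls, label, table_id, last_access):
        return cls(label, table_id, last_access,
                   record_hash(label, table_id, last_access))

    def intact(self):
        return self.digest == record_hash(self.label, self.table_id,
                                          self.last_access)


class Monitor:
    """Monitoring program 209 on one subscriber equipment."""

    def __init__(self, table_id, labels):
        self.table_id = table_id
        self.labels = set(labels)  # label list 210
        self.write_log = set()     # (label, time) pairs written here; assumed

    def stamp(self, label, now):
        """Step 700: note that the entity holding `label` accessed the file."""
        self.write_log.add((label, now))
        return AccessRecord.create(label, self.table_id, now)

    def check(self, record):
        """Steps 701-704 for a file carrying `record`."""
        if not record.intact():
            return PUNISH  # assumption: a damaged record fails the check
        if record.label not in self.labels:
            return ALLOW   # step 701 -> 703: label T is not on this device
        wrote_here = (record.table_id == self.table_id
                      and (record.label, record.last_access) in self.write_log)
        return ALLOW if wrote_here else PUNISH  # step 702 -> 703 or 704


def demo():
    # Constructed devices: X created the file; Y runs a different entity;
    # Z holds a second copy of the entity labelled T.
    origin = Monitor("X", {"T"})
    record = origin.stamp("T", 1_700_000_000)
    other_app = Monitor("Y", {"U"})
    copied = Monitor("Z", {"T"})
    damaged = AccessRecord("T", "X", 1_700_000_999, record.digest)
    return (other_app.check(record), copied.check(record),
            origin.check(record), origin.check(damaged))


if __name__ == "__main__":
    print(demo())
```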
In another embodiment of the invention, the software entities of the same software differ from one another according to a device identifier. The advantage of this embodiment is that it reduces the necessary communication with the monitor center; the disadvantage is that every software entity must be different (as opposed to only the label being different) and cannot be moved from one device to another. In this embodiment, the device identifier is built from a processor identifier, if there is one (some processors, such as the P3 made by Intel Corp., have a processor identifier). Alternatively, the device identifier is preferably derived from the monitoring program identifier, which can be combined with the processor identifier mentioned above. Each software entity has the identifier of the device on which it is used incorporated into its code and into a test. The test can be expressed in the C language as an "if statement". It compares the incorporated identifier with the device identifier and is performed by running the software. If the comparison succeeds, the device can use the software entity; if it fails, the device cannot use the software entity, and the monitoring program is notified to carry out punitive action. A would-be pirate might modify the monitoring program so that it does not check the device identifier. This is similar to making labelled software appear to be unlabelled pirated software. Software whose device test has been modified or removed can be detected by the fingerprint mechanism described in Figure 13A, starting at step 414 of Figure 13A.
A variant of this embodiment is for the vendor to send to the device a digital signature of the hash of the software entity combined with the device identifier, as follows:
SIGN_VENDOR(HASH_INST_SW),
where HASH_INST_SW = HASH(SW, DEVICE_IDENTIFIER)
Here SIGN_VENDOR is the vendor's digital signature, and HASH_INST_SW is computed over the software content (every entity being different) with DEVICE_IDENTIFIER incorporated. The software entity combined with the device identifier preferably places the identifier at the beginning or at the end of the software content, so that hashing is more economical. The second test is to verify that digital signature SIGN_VENDOR is authentic. The third test is to verify that the HASH_INST_SW that was sent equals the result of hashing the software. Both tests are performed by the monitoring program on the subscriber equipment. If the digital signature is not authentic and the result of hashing the software also does not equal HASH_INST_SW, the monitoring program takes punitive action.
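The three tests of this variant as an added Python example, not code from the patent: the identifier comparison made by the software itself, then the signature test and the hash test made by the monitoring program. The vendor key is a toy textbook-RSA key built from two publicly known Mersenne primes so the block runs offline; it gives no security and stands in for a real signature scheme. The 16-byte identifier length, the function names, and failing as soon as either monitor test fails are assumptions.

```python
import hashlib

# Toy vendor key (assumption, demo only): both primes are public knowledge.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # vendor's private exponent
ID_LEN = 16                        # assumed fixed identifier length in bytes


def hash_inst_sw(instance: bytes) -> int:
    """HASH_INST_SW over the installed bytes: SW followed by the identifier."""
    return int.from_bytes(hashlib.sha256(instance).digest(), "big")


class Vendor:
    def __init__(self, software: bytes):
        self.software = software
        # Identifier goes at the end, so SW is hashed once and the saved
        # state is reused for every device: the economy the text mentions.
        self._sw_state = hashlib.sha256(software)

    def issue(self, device_id: bytes):
        """Return (installed instance, HASH_INST_SW, SIGN_VENDOR)."""
        if len(device_id) != ID_LEN:
            raise ValueError("device identifier must be ID_LEN bytes")
        state = self._sw_state.copy()
        state.update(device_id)
        digest = int.from_bytes(state.digest(), "big")
        return self.software + device_id, digest, pow(digest, D, N)


def embedded_id_matches(instance: bytes, device_id: bytes) -> bool:
    """First test: the 'if statement' inside the software entity."""
    return instance[-ID_LEN:] == device_id


def monitor_check(instance: bytes, sent_hash: int, signature: int) -> str:
    """Second and third tests, run by the monitoring program."""
    if pow(signature, E, N) != sent_hash:
        return "punish: signature not authentic"
    if hash_inst_sw(instance) != sent_hash:
        return "punish: hash mismatch"
    return "ok"


def run_instance(instance, sent_hash, signature, device_id) -> str:
    if not embedded_id_matches(instance, device_id):
        return "refuse: wrong device"
    return monitor_check(instance, sent_hash, signature)


def demo():
    dev_a, dev_b = b"DEVICE-A-0000001", b"DEVICE-B-0000002"  # constructed
    software = b"constructed program bytes"
    instance, digest, sig = Vendor(software).issue(dev_a)
    altered = software + dev_b  # same program with a different identifier
    return [
        run_instance(instance, digest, sig, dev_a),   # issued device
        run_instance(instance, digest, sig, dev_b),   # moved unchanged
        run_instance(altered, digest, sig, dev_b),    # identifier replaced
        run_instance(altered, hash_inst_sw(altered), sig, dev_b),  # hash too
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```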
In the description above, tag server 102, monitor center 103 and vendor 101 are each described separately. In alternative embodiments these roles can be combined. For example, a single website, or a host or server on the network, can serve as both monitor center 103 and tag server 102. Software vendor 101 can also take on all three roles at once. Moreover, even where the processes or roles are separate, some functions assigned to one party (tag server, monitor center, vendor) in the embodiments above can be performed by another. For example, the identical-address fingerprinting process can be carried out by vendor 101 rather than tag server 102.
Although the invention has been particularly shown and described with reference to its preferred embodiments, those skilled in the art will understand that various changes in form and detail may be made without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (137)

1. A system for monitoring software use, comprising:
a software vendor that produces software entities;
a tag server that produces a plurality of labels, one label per software entity, each label uniquely identifying the software entity associated with it; and
subscriber equipment that receives and installs a software entity and securely receives the label uniquely associated with that software entity, the subscriber equipment comprising a monitoring program that detects attempts to use the software entity and verifies the authenticity of the label associated with the software entity before allowing the software entity to be used.
2. The system according to claim 1, wherein the monitoring program on the subscriber equipment verifies the authenticity of the label, maintains the label in a label list and maintains the software entity if the label is authentic, and rejects the software entity if the label associated with the software is not authentic.
3. The system according to claim 2, wherein the monitoring program verifies a hash function value in the label to determine whether the label is authentic and properly associated with the software entity.
4. The system according to claim 2, wherein the label is digitally signed and the monitoring program verifies the authenticity of the label by verifying the label's digital signature.
5. The system according to claim 1, wherein each of the plurality of labels created by the tag server comprises at least one of a software name, a unique number of the software entity, and a hash function value over part of the content of the software entity.
6. The system according to claim 5, wherein the unique number of the software entity is selected from the numbers in a sparse array.
7. The system according to claim 5, wherein each label further comprises a unique identifier of the monitoring program.
8. The system according to claim 7, wherein the monitoring program verifies that the unique identifier of the monitoring program in the label is identical to the identifier of the monitoring program on the subscriber equipment.
9. The system according to claim 1, wherein each label comprises at least one fingerprint computed on part of the content of the software entity associated with the label.
10. The system according to claim 9, wherein the monitoring program verifies, against the at least one fingerprint included in the label associated with the software entity, that the software entity associated with the label satisfies the identical-address fingerprint check.
11. The system according to claim 10, wherein the monitoring program performs the identical-address fingerprint check at least one of before, during, and after use of the software entity.
12. The system according to claim 9, wherein each label further comprises at least one list of addresses, the at least one fingerprint being computed from the values held at those addresses, and the monitoring program verifies, against the software's fingerprints at the addresses specified in the at least one list of addresses, that the software entity associated with each label satisfies the identical-address fingerprint check.
13. The system according to claim 1, wherein whenever a software entity accesses any data file, information associated with the software entity performing the access is stored in a location associated with the data file.
14. The system according to claim 13, wherein the information associated with the software entity is the label associated with the software entity.
15. The system according to claim 13, wherein the information associated with the software entity is the time of the modification made by the software entity.
16. The system according to claim 13, wherein the information associated with the software entity performing the access is recorded in a secure location that only the monitoring program can access.
17. The system according to claim 16, wherein, when a software entity attempts to access a data file that has associated information stored in the location associated with that data file, the monitoring program verifies that the stored associated information is the information associated with the current access attempt.
18. system according to claim 16, wherein monitoring programme is used without the hash function of another name and is verified the related information that is stored in the position relevant with the ongoing data file of current access.
19. The system according to claim 1, further comprising:
a monitor center comprising:
a database of labelled software; and
a verification program;
the monitor center periodically communicating with the subscriber equipment to receive labels from the subscriber equipment via a calling procedure, the labels being those associated with the labelled software entities used on the subscriber equipment, the verification program checking each label received from the subscriber equipment against the database of labelled software to ensure that the label complies with at least one usage monitoring rule, and the verification program returning a continuation message to the subscriber equipment, the continuation message indicating the action to be taken for the software entity on the subscriber equipment associated with each label; and
the monitoring program on the subscriber equipment verifying the authenticity of the continuation message and, if it is authentic, carrying out the actions specified in the continuation message.
20. The system according to claim 19, wherein at least one of the software vendor, the tag server and the monitor center is combined with at least one other of the software vendor, the tag server and the monitor center.
21. The system according to claim 19, wherein the maximum allowed interval between successive calling procedures is determined by at least one of, or a combination of, the elapsed time on the subscriber equipment, the number and duration of uses of software entities, the number of times the subscriber equipment is powered up, and a measure of usage of the subscriber equipment.
22. The system according to claim 21, wherein, when the subscriber equipment fails to carry out a calling procedure with the monitor center before the maximum allowed interval since the previous calling procedure ends, the subscriber equipment is disabled for a period of time.
23. The system according to claim 21, wherein, when no calling procedure can be carried out between the subscriber equipment and the monitor center before the maximum allowed interval since the previous calling procedure ends, some software entities are refused for a period of time.
24. The system according to claim 19, wherein a call is made when a software entity is used for the first time on the subscriber equipment.
25. The system according to claim 19, wherein a call is made at the request of the monitor center.
26. The system according to claim 19, wherein the monitoring program tests the authenticity of the continuation message by verifying that the hash function value of the label list in the continuation message is identical to the hash function value of the label list in the call message from the subscriber equipment.
27. The system according to claim 26, wherein the authenticity test of the continuation message is performed by the monitoring program verifying that the digital signature in the continuation message was produced by the monitor center.
28. The system according to claim 19, wherein subscriber equipment that does not receive a continuation message after sending a call message to the monitor center resends the call message with an order cancelling the previous call message.
29. The system according to claim 19, wherein the at least one usage monitoring rule relates to at least one individual software entity, the software entity being associated with at least one label.
30. The system according to claim 19, wherein the at least one usage monitoring rule relates to the subscriber equipment as a whole, with which the monitor center communicates in the calling procedure.
31. The system according to claim 19, wherein the at least one usage monitoring rule relates to an individual user of the subscriber equipment, with which the monitor center communicates in the calling procedure.
32. The system according to claim 19, wherein the at least one usage monitoring rule relates to the usage monitoring history, the monitor center communicating with the subscriber equipment in the calling procedure.
33. The system according to claim 19, wherein the monitor center maintains, in the database of labelled software, a label data structure for each label associated with each software entity on each subscriber equipment.
34. The system according to claim 33, wherein each label data structure comprises the label of the software entity, the usage monitoring rule associated with the software entity, and a set of references to call records.
35. The system according to claim 34, wherein each call record in the set of call records represents information relating to one calling procedure and the continuation message associated with that calling procedure, comprising at least one of the call time, the label list header sent to the monitor center in the calling procedure, the last call time indicating the timestamp of the previous calling procedure, the hash function value of the label list sent to the monitor center during the calling procedure, and the actions to be carried out on the subscriber equipment.
36. The system according to claim 1, further comprising:
a monitor center comprising a verification program;
the monitor center periodically contacting the subscriber equipment and receiving from it, via a calling procedure, the unique identifier of the subscriber equipment's monitoring program, the verification program checking the unique identifier to ensure that at most one monitoring program has that identifier, and the verification program returning a continuation message to the subscriber equipment, the continuation message indicating the action to be carried out upon attempts to use the software entity associated with each label on the subscriber equipment;
the monitoring program of the subscriber equipment verifying the authenticity of the continuation message and, if it is authentic, carrying out the actions in the continuation message.
37. The system according to claim 36, wherein the monitoring program identifier is based on a non-repeatable number generated when the monitoring program is activated for the first time.
38. The system according to claim 37, wherein the non-repeatable number is a very precise time value generated when the monitoring program is activated on the machine for the first time.
39. The system according to claim 37, wherein the non-repeatable number is a number provided by the monitor center.
40. The system according to claim 1, further comprising:
an unlabelled software entity used on the subscriber equipment;
wherein the monitoring program detects the use of the unlabelled software entity, performs fingerprinting on the unlabelled software entity, and stores the resulting fingerprints on the subscriber equipment.
41. The system according to claim 40, wherein the monitoring program of the subscriber equipment further performs fingerprinting on unlabelled software entities used on the equipment and stores the resulting fingerprints in a fingerprint table on the subscriber equipment.
42. The system according to claim 41, wherein the monitoring program stores the addresses from which the fingerprints were computed.
43. The system according to claim 41, wherein the fingerprints are based on the content of the software entity.
44. The system according to claim 41, wherein the fingerprints are based on a known sequence of behaviour of the software entity.
45. The system according to claim 41, further comprising:
a monitor center comprising a fingerprint data structure and a verification program;
the monitor center periodically contacting the subscriber equipment and receiving from it, via a calling procedure, all fingerprints of the software entities on the subscriber equipment, the verification program comparing each fingerprint from the subscriber equipment against the fingerprint data structure to determine whether a software entity used on the subscriber equipment is an infringing software entity.
46. The system according to claim 45, wherein, if the verification program detects more than a specified number of matches between fingerprints in the monitor center's fingerprint data structure and fingerprints from the subscriber equipment, the verification program specifies a punitive action to be carried out and returns a continuation message to the subscriber equipment, the message indicating the punitive action to be carried out on the subscriber equipment.
47. The system according to claim 46, wherein the fingerprint matching process is at least one of general-address and identical-address fingerprint matching.
48. The system according to claim 46, wherein the fingerprint matching uses a converted fingerprint table of the monitor center.
49. The system according to claim 46, wherein the punitive action specifies that the subscriber equipment is disabled for a specified period of time.
50. The system according to claim 46, wherein the punitive action specifies that the software entity associated with the fingerprint that matched a fingerprint in the monitor center's fingerprint data structure is disabled for a specified period of time.
51. The system according to claim 46, wherein the punitive action depends on at least one of, or a combination of, the history of the subscriber equipment's behaviour, the history of the behaviour of a particular user of the subscriber equipment, and the other software on the subscriber equipment.
52. The system according to claim 45, wherein the software vendor transmits a copy of an infringing software entity to the monitor center, and the monitor center computes fingerprints on the copy of the infringing software entity and stores those fingerprints in the fingerprint data structure at the monitor center.
53. A label list data structure encoded on a read-only medium of subscriber equipment, the label list data structure comprising at least one label uniquely associated with a software entity, at least one field associated with the label in the label list, and at least one usage status field indicating the usage status of the software entity associated with the label.
54. The label list data structure according to claim 53, wherein at least one field indicates usage statistics of the software entity associated with the label.
55. The label list data structure according to claim 53, further comprising a label list header that uniquely identifies the label list.
56. The label list data structure according to claim 53, wherein the label list header includes information relating to usage statistics of the subscriber equipment and includes a continuation message.
57. A software vendor, comprising:
a software production mechanism that produces software entities, each software entity having at least a name and software content;
each software entity being usable only in conjunction with a label that uniquely identifies it, the label being a unique, unforgeable collection of information relating to the associated software entity and comprising at least one of a software name, a unique number of the software entity, and a hash function value over part of the software content.
58. The software vendor according to claim 57, wherein the label includes the identifier of the monitoring program associated with the subscriber equipment on which the software entity is used.
59. The software vendor according to claim 57, wherein the label includes a list of fingerprints of parts of the content of the software entity associated with the label.
60. The software vendor according to claim 57, further comprising:
an infringing-software detection mechanism that detects software infringing the vendor's rights and sends a copy of the infringing software to a monitor center, so that usage monitoring can detect attempts to use infringing software entities on subscriber equipment.
61. The software vendor according to claim 60, further comprising:
an infringing-software detection mechanism that detects software infringing the vendor's rights and sends a copy of the infringing software to a monitor center, the monitor center invalidating any label associated with the infringing software and sending punitive actions to any subscriber equipment that the monitor center detects has used an infringing software entity.
62. Subscriber equipment, comprising:
an input port that receives a software entity, receives the label uniquely associated with that software entity, and receives requests to use the software entity;
a processor that executes a monitoring program, the monitoring program detecting a request to use the software entity and verifying the authenticity of the label associated with the software entity before allowing the subscriber equipment to use the software entity.
63. The subscriber equipment according to claim 62, wherein the monitoring program verifies the authenticity of the label, stores the label in a label list and maintains the software entity if the label is authentic, and otherwise rejects the software entity if the label associated with the software is not authentic.
64. The subscriber equipment according to claim 63, wherein the monitoring program computes a hash function value on the software entity and compares the computed value with the hash function value in the label to determine that the label is authentic and properly associated with the software entity.
65. The subscriber equipment according to claim 63, wherein the label is digitally signed and the monitoring program verifies the authenticity of the label by verifying the label's digital signature.
66. The subscriber equipment according to claim 63, wherein the label list is a data structure stored in memory on the subscriber equipment and comprises at least one label uniquely associated with a software entity, at least one field associated with the label in the label list, and at least one field indicating the usage status of the software entity associated with the label.
67. The subscriber equipment according to claim 62, wherein the monitoring program determines, according to the definition of a calling rule, that a calling procedure is needed, and carries out the calling procedure to update the usage status of the labels stored in the label list.
68. The subscriber equipment according to claim 62, wherein the monitoring program verifies that each data file of a labelled software application was produced by a legitimate software entity.
69. The subscriber equipment according to claim 67, wherein, during the calling procedure, the monitoring program securely sends the label list from the subscriber equipment via an interconnection mechanism coupled to the subscriber equipment and waits to receive a continuation message returned to the subscriber equipment, the continuation message indicating the action to be carried out for each label in the label list.
70. The subscriber equipment according to claim 67, wherein, during the calling procedure, the monitoring program securely sends the label list header from the subscriber equipment via an interconnection mechanism coupled to the subscriber equipment and waits to receive a continuation message returned to the subscriber equipment, the continuation message indicating the action to be carried out for each label in the label list.
71. The subscriber equipment according to claim 62, further comprising:
an unlabelled software entity used on the subscriber equipment;
wherein the monitoring program detects the unlabelled software entity, performs fingerprinting on the unlabelled software entity, and stores the resulting fingerprints in a fingerprint table on the subscriber equipment.
72. The subscriber equipment according to claim 71, wherein the monitoring program determines, according to the definition of a calling rule, that a calling procedure is needed, and carries out the calling procedure to update the usage status of the unlabelled software entities stored on the subscriber equipment.
73. The subscriber equipment according to claim 72, wherein, during the calling procedure, the monitoring program securely sends part of the fingerprint table from the subscriber equipment via an interconnection mechanism coupled to the subscriber equipment and waits to receive a continuation message returned to the subscriber equipment, the continuation message indicating the action to be carried out for each unlabelled software entity stored on the subscriber equipment.
74. A monitor center, comprising:
a labelled software database; and
a proving program executed on a processor of the monitor center;
wherein the monitor center periodically carries out a calling procedure to receive labels of software entities via an interconnection mechanism, the proving program checks each received label against the labelled software database maintained at the monitor center to ensure that the labels comply with at least one usage monitoring rule, and the proving program sends, via the interconnection mechanism, a continuity message indicating the action to be carried out when use is attempted of the software entity associated with each label received by the monitor center during the calling procedure.
75. The monitor center according to claim 74, wherein at least one usage monitoring rule is associated with each software entity that has at least one label associated with it.
76. The monitor center according to claim 74, wherein at least one usage monitoring rule is associated with the subscriber equipment with which the monitor center communicates to receive the labels.
77. The monitor center according to claim 74, wherein at least one usage monitoring rule is associated with an individual user of the subscriber equipment, with whom the monitor center communicates to receive the labels.
78. The monitor center according to claim 74, wherein the monitor center maintains, in the labelled software database, a tag data structure for each label associated with each software entity on the subscriber equipment, receives newly created labels associated with software entities from a tag server, and further receives, from the label list of the subscriber equipment, labels associated with the software entities used on the subscriber equipment.
79. The monitor center according to claim 78, wherein each tag data structure comprises the label of at least one software entity, the name of the software entity, the unique number of the software entity, a hash function value over the software entity, the usage monitoring rule associated with the software entity, and a set of references to the call records associated with the label of said software entity.
80. The monitor center according to claim 79, wherein each call record in the set of call records represents information about one calling procedure and comprises at least one call time, the header of the label list sent to the monitor center during the calling procedure, a last call time giving the timestamp of the previous calling procedure, the hash function value of the label list sent to the monitor center during the calling procedure, and the actions to be carried out on the subscriber equipment that are contained in the continuity message associated with that calling procedure.
81. A monitor center, comprising:
a fingerprint data structure; and
a processor that executes a proving program;
wherein the proving program periodically carries out a calling procedure to receive from the subscriber equipment, via an interconnection mechanism, the fingerprints of the software entities used on the subscriber equipment, the proving program checks each received fingerprint against the fingerprint data structure to determine whether an unlabelled software entity used on the subscriber equipment is an infringing software entity and, if so, the proving program prepares a punitive action to be carried out on the subscriber equipment.
82. The monitor center according to claim 81, wherein all vendors' software is fingerprinted, and infringement by one vendor's software of another vendor's software is detected by at least one of same-address and general-address fingerprint detection.
83. The monitor center according to claim 81, wherein, if the proving program detects a sufficient number of matches between the fingerprints in the fingerprint data structure and the received fingerprints, the proving program specifies the punitive action to be carried out and sends a continuity message, the continuity message indicating the punitive action to be carried out by the recipient of the continuity message.
84. The monitor center according to claim 83, wherein the sufficient number is 1.
85. The monitor center according to claim 83, wherein the sufficient number is greater than 1.
86. The monitor center according to claim 85, wherein the sufficient number is computed as a weighted sum of the matches, the weight of each match being determined by the matched fingerprint.
87. The monitor center according to claim 83, wherein the fingerprint matching uses general-address fingerprint detection.
88. The monitor center according to claim 83, wherein the punitive action specifies that the recipient be disabled.
89. The monitor center according to claim 83, wherein the punitive action specifies that the software entity associated with the fingerprint that matched a fingerprint in the fingerprint data structure be disabled.
90. The monitor center according to claim 81, wherein the proving program receives a copy of an infringing software entity via the interconnection mechanism, computes fingerprints on the copy of this unlabelled infringing software entity, combines the fingerprints and stores them in the fingerprint data structure.
91. A tag server that receives a copy of specified vendor software and produces a plurality of labels, one label per software entity, each label uniquely identifying the software entity associated with it, and each label comprising at least one software name associated with the label, a unique number associated with the label, and a hash function value computed over a portion of the software entity associated with the label.
92. The tag server according to claim 91, further comprising a digital signature mechanism for digitally signing labels and securely transmitting the labels to the intended recipient.
93. the method for a monitoring software usage may further comprise the steps:
Create a software entity;
Create and the unique relevant label of software entity;
Distributing software entity and secure distribution label to subscriber equipment and receive software entity and subscriber equipment on respective labels;
Detect the use attempt of software entity on the subscriber equipment;
Decide the use software entity whether to allow by the state of judging the label relevant with the software entity that will use.
94. 3 described methods according to claim 9, wherein the step of establishing label comprises:
Distribute unique number to software entity;
First hash function value of software for calculation entity part content;
Second hash function value of software for calculation entity, second hash function value be in conjunction with dbase, software entity unique number and first hash function value;
Calculate and the unique relevant label of software entity, label comprises dbase, second hash function value of software entity unique number.
95. 4 described methods according to claim 9, the step of wherein calculating label produce signature by Applied Digital signature function to the second a hash function value and this signature is included in the label that creates a digital signature in the label.
96. 3 described methods are according to claim 9 wherein distributed label and are comprised to the step of subscriber equipment and use public encryption technical security ground to distribute label to ageng merchant and subscriber equipment.
97. 3 described methods according to claim 9 wherein receive this software entity and may further comprise the steps:
Obtain software entity at subscriber equipment;
Wherein the step at subscriber equipment reception label comprises:
Obtain the label relevant with software entity at subscriber equipment safely;
Judge whether the label relevant with software entity be signed, if, the signature of verifying on the hash function value in the checking label, if the signature verification on this hash function value is passed through, mounting software on subscriber equipment, if the label relevant with this software entity be signature not, mounting software entity on subscriber equipment.
98. The method according to claim 93, wherein:
the step of detecting an attempt to use the software entity on the subscriber equipment comprises:
invoking a monitoring programme on the subscriber equipment to intercept the user's request to use the software entity;
and the step of determining whether the attempt to use the software entity is approved comprises:
determining, according to the calling rules, whether a calling procedure is needed and, if so, carrying out the following three steps:
carrying out the calling procedure to verify the authenticity of, and determine the usage monitoring rules for, the label associated with the software entity;
updating the label information on the subscriber equipment based on the result of the call;
checking the status information associated with the label to determine whether use of the software entity associated with the label is allowed.
99. The method according to claim 98, wherein the step of carrying out the calling procedure comprises:
transmitting from the subscriber equipment the label list that stores the label associated with the software entity;
waiting to receive a continuity message returned to the subscriber equipment, the message indicating the action to be carried out for each label in the label list.
100. The method according to claim 98, further comprising verifying that the continuity message is directed to this equipment and that the history record in it is consistent with the history record on the equipment.
101. The method according to claim 98, wherein the step of carrying out the calling procedure is:
receiving the label list containing the label associated with the software entity;
checking the labels received in the label list against the labelled software database to ensure that the labels in the label list comply with at least one usage rule;
transmitting a continuity message that indicates the action the subscriber equipment is to carry out when an attempt to use the software entity associated with each label is detected.
102. The method according to claim 101, wherein the continuity message comprises:
the monitoring programme identifier of the monitoring programme that receives the continuity message;
the time of the continuity message;
encoded information of the label list header that accompanied the equipment's call.
103. the method for a monitoring software use comprises:
Detection is used unlabelled software entity at subscriber equipment;
The fingerprint that establishment and storage are relevant with unlabelled software entity on the subscriber equipment;
The attempt of unlabelled software entity is used in detection at subscriber equipment; And
Whether the use attempt of judging software entity by the finger print data structure of relatively more relevant with unlabelled software entity fingerprint and infringement fingerprint is effective, if find that fingerprint matching is arranged, then bans use of unlabelled software entity.
104. 3 described methods according to claim 10 further comprise following steps:
The software entity of detection usage flag on subscriber equipment;
The fingerprint that the software entity of the mark on establishment and storage and the subscriber equipment is relevant;
The attempt of detection software entity of usage flag on subscriber equipment; And
Whether the use attempt of judging software entity by the finger print data structure of relatively more relevant with the software entity of mark fingerprint and infringement fingerprint is effective, if find that fingerprint matching is arranged, then bans use of the software entity of mark.
105. 3 described methods according to claim 10 further comprise following steps:
Survey infringement software by the ageng commodity inspection;
Submit the copy of this infringement software to monitor center; And
Monitor center calculate this infringement software fingerprint, the combination fingerprint and with fingerprint storage in the finger print data structure.
106. the method for a unique identification software entity comprises following steps:
Obtain software entity;
Distribute title to software entity;
For software entity distributes unique number, this unique number is different from any unique number of other entity of distributing to same software;
Partial content at software entity calculates the hash function value;
The title of series connection software entity, the hash function value that the numbering of software entity and first calculate is calculated second hash function value and is produced unsigned hash function value, and this value is unique to software entity;
Use key to sign to the hash function value of not signing name, produce the hash function value of signature for software entity; And
Create the label of this software entity of unique identification that software entity is relevant therewith, this label comprises the cryptographic Hash of the signature of software entity, the title of software entity, the numbering of software entity, and the unsigned cryptographic Hash of software entity.
107. 6 described methods according to claim 10, wherein obtain software entity and distribute the step of title to be carried out by the ageng merchant to software entity, distribute unique number to software entity, calculate first and second hash function value, give second cryptographic Hash signature, and establishing label is carried out by tag server.
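The label construction of claims 94, 95 and 106 and the check before installation in claim 97, as an added example that is not code from the patent. Assumptions: SHA-256 as the hash function, a 4096-byte prefix as the hashed "portion", and HMAC-SHA256 standing in for the digital signature so that the example runs on the standard library alone; all names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Assumption: the first hash covers a fixed-length prefix of the content.
# The claims only say "a portion of the content".
PORTION_BYTES = 4096


@dataclass(frozen=True)
class Label:
    name: str            # software name
    number: str          # unique number of this software entity (copy)
    unsigned_hash: str   # second hash: H(name || number || first hash)
    signed_hash: str     # keyed value computed over unsigned_hash


def _field(data: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot
    # concatenate to the same byte string.
    return len(data).to_bytes(4, "big") + data


def first_hash(content: bytes) -> bytes:
    """First hash function value, over a portion of the content."""
    return hashlib.sha256(content[:PORTION_BYTES]).digest()


def second_hash(name: str, number: str, content: bytes) -> str:
    """Second hash function value, over name, number and first hash."""
    material = (_field(name.encode()) + _field(number.encode())
                + _field(first_hash(content)))
    return hashlib.sha256(material).hexdigest()


def _sign(key: bytes, unsigned_hash: str) -> str:
    # Stand-in for the digital signature function: a keyed MAC.
    # A real tag server would sign with a private key and the
    # subscriber equipment would verify with the public key.
    return hmac.new(key, unsigned_hash.encode(), hashlib.sha256).hexdigest()


def create_label(name: str, content: bytes, key: bytes,
                 number: Optional[str] = None) -> Label:
    """Tag-server side: assign a unique number, hash, sign, build the label."""
    number = number or secrets.token_hex(16)
    unsigned = second_hash(name, number, content)
    return Label(name, number, unsigned, _sign(key, unsigned))


def verify_label(label: Label, content: bytes, key: bytes) -> str:
    """Subscriber-equipment side, before installation.

    Returns "ok", "bad-signature" or "hash-mismatch".
    """
    expected = _sign(key, label.unsigned_hash)
    if not hmac.compare_digest(expected.encode(), label.signed_hash.encode()):
        return "bad-signature"
    recomputed = second_hash(label.name, label.number, content)
    if not hmac.compare_digest(recomputed.encode(),
                               label.unsigned_hash.encode()):
        return "hash-mismatch"
    return "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"                # constructed sample key
    content = b"\x7fELF" + b"A" * 8000           # constructed sample content
    label = create_label("editor", content, key)
    print(label.number, verify_label(label, content, key))
```

Because the first hash covers only part of the content, a change outside that part leaves the label valid, so the size of the hashed portion decides what tampering the label can detect.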
108. A computer read-only medium encoded with instructions that, when read or run by a processor, carry out the following steps:
detecting a request to use a software entity;
determining whether the label corresponding to the software entity has an associated state that permits use of this software entity; and periodically carrying out a calling procedure to verify the authenticity of the label and to ensure that use of the software entity corresponding to the label complies with the usage monitoring rules.
109. A propagated signal transmitted on a communication medium by a carrier, the signal carrying an encoded label list data structure, the label list data structure comprising at least one label uniquely associated with a software entity and further comprising at least one field associated with the label in the label list, at least one field indicating the usage control state of the software entity associated with the label.
110. A propagated signal transmitted on a communication medium by a carrier, the signal carrying an encoded continuity message, the continuity message comprising indications of the actions that the recipient of the signal is to carry out, the actions being carried out on condition that the recipient detects an attempt to use the software entities associated with those actions.
111. A method of ensuring that a software program has not been modified, comprising the steps of:
computing a non-aliased hash function value over the content of the software program;
comparing the result of the non-aliased hash function value with a previously retained hash value to determine whether the results are identical, thereby indicating whether the software program has been changed.
112. The method according to claim 111, wherein the operating system computes the non-aliased hash function value and the software program is the monitoring programme.
113. A method of ensuring that data has not been modified, the method comprising computing a non-aliased hash function value over the data and comparing that value with a previously computed function value.
114. The method according to claim 113, wherein the monitoring programme computes the non-aliased hash function value and the data is the data that it uses.
115. According to claim 19, wherein all messages between the monitor center and the subscriber equipment are transmitted in a secure manner.
116. According to claim 115, wherein the secure manner comprises public-key encryption.
117. The system according to claim 38, wherein the non-repeating number is further based on the value of at least one memory address.
118. The monitor center according to claim 80, wherein the monitor center checks whether the last call time from the equipment recorded in the continuity message matches the call time of the most recent call record for that equipment recorded at the monitor center.
119. A system for monitoring software usage, comprising:
a software vendor that produces software entities;
subscriber equipment that receives and installs software entities,
the subscriber equipment comprising a monitoring programme,
an unlabelled software entity being used on the subscriber equipment;
wherein the monitoring programme detects use of the unlabelled software entity, fingerprints the unlabelled software entity, and stores the fingerprinting result on the subscriber equipment.
120. The system according to claim 119, wherein the monitoring programme of the subscriber equipment further fingerprints the unlabelled software entity and stores the fingerprinting result in a fingerprint table on the subscriber equipment.
121. The system according to claim 120, wherein the monitoring programme stores the addresses at which the fingerprints were computed.
122. The system according to claim 120, wherein the fingerprints are based on the content of the software entity.
123. The system according to claim 120, wherein the fingerprints are based on a known sequence of behaviours of the software entity.
124. The system according to claim 120, further comprising:
a monitor center comprising:
a fingerprint data structure; and
a proving program;
wherein the monitor center periodically contacts the subscriber equipment through a calling procedure and receives from the subscriber equipment all fingerprints of the software entities used on the subscriber equipment, and the proving program compares the fingerprints from the subscriber equipment against the fingerprint data structure to determine whether each software entity used on the subscriber equipment is an infringing software entity.
125. The system according to claim 124, wherein, if the proving program detects more than a specified number of matches between the fingerprints in the fingerprint data structure of the monitor center and the fingerprints received from the subscriber equipment, the proving program specifies the punitive action to be carried out and returns a continuity message to the subscriber equipment, the continuity message indicating the punitive action to be carried out on the subscriber equipment.
126. The system according to claim 125, wherein the fingerprint matching process is at least one of general-address and same-address fingerprint matching.
127. The system according to claim 125, wherein the fingerprint matching uses an inverted monitor center fingerprint table.
128. The system according to claim 125, wherein the punitive action specifies that the subscriber equipment cannot be used for a specified period of time.
129. The system according to claim 125, wherein the punitive action specifies that the software entity associated with the fingerprint that matched a fingerprint in the monitor center fingerprint data structure cannot be used for a specified period of time.
130. The system according to claim 125, wherein the punitive action depends on a combination of at least one of the following: the history of behaviour of the subscriber equipment, the history of behaviour of a specific user on the subscriber equipment, and the set of other software on the subscriber equipment.
131. The system according to claim 124, wherein the software vendor transmits a copy of an infringing software entity to the monitor center, and the monitor center computes fingerprints on the copy of the infringing software entity, combines the fingerprints and stores the fingerprints in the fingerprint data structure of the monitor center.
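Fingerprint matching at the monitor center as claims 81 to 86 and 124 to 127 describe it, as an added example that is not code from the patent: an inverted fingerprint table, same-address versus general-address matching, and a weighted sum of matches compared with a threshold. How a fingerprint is computed (SHA-256 over a 16-byte window), the weights, the sample bytes and all names are assumptions constructed for the example.

```python
import hashlib
from collections import defaultdict

WINDOW = 16  # assumed fingerprint window, in bytes


def fingerprints(content, offsets):
    """Return (offset, value) pairs; each value hashes WINDOW bytes at offset."""
    pairs = []
    for off in offsets:
        chunk = content[off:off + WINDOW]
        if len(chunk) == WINDOW:            # skip windows that run off the end
            pairs.append((off, hashlib.sha256(chunk).hexdigest()[:16]))
    return pairs


def all_offsets(content):
    """Every offset at which a full window fits (dense fingerprinting)."""
    return range(max(len(content) - WINDOW + 1, 0))


class FingerprintStore:
    """Monitor-center side: inverted table value -> [(entity, offset, weight)]."""

    def __init__(self):
        self.inverted = defaultdict(list)

    def add_infringing(self, entity, content, weights):
        """weights maps an offset in the infringing copy to that match's weight."""
        for off, value in fingerprints(content, sorted(weights)):
            self.inverted[value].append((entity, off, weights[off]))

    def score(self, received, same_address):
        """Weighted sum of matched stored fingerprints, per infringing entity.

        same_address=True requires the reported offset to equal the stored
        one; False (general-address) accepts the value at any offset.
        """
        matched = set()                     # each stored fingerprint counts once
        for off, value in received:
            for entity, stored_off, weight in self.inverted.get(value, ()):
                if same_address and stored_off != off:
                    continue
                matched.add((entity, stored_off, weight))
        totals = defaultdict(float)
        for entity, _stored_off, weight in matched:
            totals[entity] += weight
        return dict(totals)

    def punitive_actions(self, received, threshold, same_address=False):
        """Entities whose weighted match sum reaches the sufficient number."""
        scores = self.score(received, same_address)
        return sorted(e for e, s in scores.items() if s >= threshold)


def constructed_blob(tag, blocks=16):
    """Constructed, non-repeating sample bytes (32 bytes per block)."""
    return b"".join(hashlib.sha256(tag + bytes([i])).digest()
                    for i in range(blocks))


INFRINGING = constructed_blob(b"constructed-infringing-")   # 512 bytes
WEIGHTS = {0: 0.5, 64: 1.0, 128: 1.0, 256: 2.0}             # assumed weights


def demo_store():
    store = FingerprintStore()
    store.add_infringing("pirated-editor", INFRINGING, WEIGHTS)
    return store


if __name__ == "__main__":
    store = demo_store()
    shifted = b"XXXXX" + INFRINGING         # same bytes, moved by 5
    dense = fingerprints(shifted, all_offsets(shifted))
    print("same-address:", store.score(dense, same_address=True))
    print("general-address:", store.score(dense, same_address=False))
```

A copy whose bytes have moved by a few positions scores zero under same-address matching and is found only when the subscriber equipment reports fingerprints at every offset and the monitor center matches by general address.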
132. A software vendor, comprising:
a software production mechanism that produces a software entity with at least one device identifier combined in a test,
subscriber equipment receiving and installing the software entity,
the test comprising comparing the combined identifier with the device identifier of the equipment on which the software entity is used;
wherein, if the combined identifier and the device identifier are equal, use of the software entity is allowed; otherwise the monitoring programme on the equipment carries out a punitive action.
133. The software vendor according to claim 132, wherein the software vendor sends a digital signature of a hash of the software entity, and
a second test determines whether the digital signature is genuine,
a third test determines whether the signed value equals the hash of the software entity,
wherein, if the digital signature is false or the signed value differs from that of the software entity, the monitoring programme on the equipment carries out a punitive action.
134. The software vendor according to claim 131, wherein the device identifier is combined at the beginning or the end of the content of the software entity.
135. A method of monitoring software usage, comprising:
producing a software entity with a device identifier combined in a test, the test comprising comparing the combined identifier with the device identifier of the equipment on which the software entity is used;
distributing the software entity to subscriber equipment;
determining whether an attempt to use the software entity is allowed by carrying out the test, use of the software entity being allowed if the combined identifier and the device identifier are equal, and a punitive action being carried out otherwise.
136. The method according to claim 135, comprising the further steps of:
sending a digital signature of the hash of the software entity;
determining whether the digital signature is genuine;
determining whether the signed value equals the hash of the software entity,
wherein, if the digital signature is false or the signed value differs from that of the software entity, the monitoring programme carries out a punitive action.
137. The method according to claim 135, wherein the device identifier is placed at the beginning or the end of the software entity.
CN00809527A 1999-05-05 2000-05-02 Methods and apparatus for protecting information Pending CN1361882A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/305,572 1999-05-05
US09/305,572 US6697948B1 (en) 1999-05-05 1999-05-05 Methods and apparatus for protecting information

Publications (1)

Publication Number Publication Date
CN1361882A true CN1361882A (en) 2002-07-31

Family

ID=23181353

Family Applications (1)

Application Number Title Priority Date Filing Date
CN00809527A Pending CN1361882A (en) 1999-05-05 2000-05-02 Methods and apparatus for protecting information

Country Status (10)

Country Link
US (3) US6697948B1 (en)
EP (1) EP1180252A2 (en)
JP (1) JP2003500722A (en)
CN (1) CN1361882A (en)
AU (1) AU767286B2 (en)
CA (1) CA2368861A1 (en)
HK (1) HK1047803A1 (en)
MX (1) MXPA01011201A (en)
NZ (1) NZ515938A (en)
WO (1) WO2000072119A2 (en)

US6947910B2 (en) * 2001-10-09 2005-09-20 E-Cast, Inc. Secure ticketing
US20030069854A1 (en) * 2001-10-09 2003-04-10 Hsu Michael M. Expiring content on playback devices
US7392313B2 (en) * 2001-10-18 2008-06-24 International Business Machines Corporation Method and apparatus for partitioned environment for web application servers
US20030101341A1 (en) * 2001-11-26 2003-05-29 Electronic Data Systems Corporation Method and system for protecting data from unauthorized disclosure
US7644279B2 (en) * 2001-12-05 2010-01-05 Nvidia Corporation Consumer product distribution in the embedded system market
GB0129596D0 (en) * 2001-12-11 2002-01-30 Nokia Corp Risk detection
US20030131226A1 (en) * 2002-01-04 2003-07-10 Spencer Donald J. Dynamic distributed configuration management system
US7343619B2 (en) * 2002-03-16 2008-03-11 Trustedflow Systems, Inc. Trusted flow and operation control method
US7421412B2 (en) * 2002-03-18 2008-09-02 Kumaresan Ramanathan Computerized method and system for monitoring use of a licensed digital good
US7487365B2 (en) * 2002-04-17 2009-02-03 Microsoft Corporation Saving and retrieving data based on symmetric key encryption
EP1509830A2 (en) * 2002-05-02 2005-03-02 Shieldip, Inc. Method and apparatus for protecting information and privacy
US20030217280A1 (en) * 2002-05-17 2003-11-20 Keaton Thomas S. Software watermarking for anti-tamper protection
US7802108B1 (en) 2002-07-18 2010-09-21 Nvidia Corporation Secure storage of program code for an embedded system
US7047488B2 (en) 2002-07-19 2006-05-16 Open Invention Network Registry driven interoperability and exchange of documents
KR20050029723A (en) * 2002-07-24 2005-03-28 코닌클리케 필립스 일렉트로닉스 엔.브이. Method and device for regulating file sharing
US7620699B1 (en) * 2002-07-26 2009-11-17 Paltalk Holdings, Inc. Method and system for managing high-bandwidth data sharing
GB2392262A (en) * 2002-08-23 2004-02-25 Hewlett Packard Co A method of controlling the processing of data
NZ521555A (en) * 2002-09-24 2005-05-27 Auckland Uniservices Ltd Transaction method involving authenticating an digital object such as an image or audio file and applying at least one authentication code to the digital object
US7472135B2 (en) * 2002-10-18 2008-12-30 Nokia Corporation Method and system for recalling details regarding past events
JP2004362532A (en) * 2002-10-25 2004-12-24 Matsushita Electric Ind Co Ltd Watermark insertion device and watermark extraction device
US20040088175A1 (en) * 2002-11-01 2004-05-06 Thomas Messerges Digital-rights management
JP2004157864A (en) * 2002-11-07 2004-06-03 Canon Inc Content distribution system
US7484207B2 (en) 2002-12-11 2009-01-27 O'z Co., Ltd. Software execution control system and software execution control program
GB0228960D0 (en) * 2002-12-11 2003-01-15 Mirada Solutions Ltd Improvements in or relating to processing systems
CN1729671A (en) * 2002-12-20 2006-02-01 松下电器产业株式会社 System and terminal equipment for collecting content history log and server equipment
US8666524B2 (en) * 2003-01-02 2014-03-04 Catch Media, Inc. Portable music player and transmitter
US7302590B2 (en) 2003-01-06 2007-11-27 Microsoft Corporation Systems and methods for providing time-and weight-based flexibly tolerant hardware ID
US20040163131A1 (en) * 2003-01-31 2004-08-19 Benco David S. Telecommunication feature activation and billing support from a centralized server
US20040267384A1 (en) * 2003-02-07 2004-12-30 Broadon Communications, Inc. Integrated console and controller
US20100017627A1 (en) 2003-02-07 2010-01-21 Broadon Communications Corp. Ensuring authenticity in a closed content distribution system
US7779482B1 (en) 2003-02-07 2010-08-17 iGware Inc Delivery of license information using a short messaging system protocol in a closed content distribution system
US7322042B2 (en) * 2003-02-07 2008-01-22 Broadon Communications Corp. Secure and backward-compatible processor and secure software execution thereon
US8131649B2 (en) 2003-02-07 2012-03-06 Igware, Inc. Static-or-dynamic and limited-or-unlimited content rights
KR100670723B1 (en) * 2003-02-21 2007-01-19 리서치 인 모션 리미티드 System and method of multiple-level control of electronic devices
US7337330B2 (en) * 2003-03-10 2008-02-26 Cyberview Technology, Inc. Universal game download system for legacy gaming machines
US8491391B2 (en) 2003-03-10 2013-07-23 Igt Regulated gaming—agile media player for controlling games
EP1611708A4 (en) * 2003-03-10 2009-12-30 Cyberview Technology Inc Dynamic configuration of a gaming system
US7802087B2 (en) * 2003-03-10 2010-09-21 Igt Universal method for submitting gaming machine source code software to a game certification laboratory
US7921302B2 (en) 2003-03-10 2011-04-05 Igt Universal game download methods and system for legacy gaming machines
CN100367146C (en) * 2003-03-12 2008-02-06 松下电器产业株式会社 Digital contents distribution system, right management server, and user terminal
JP4248913B2 (en) 2003-03-31 2009-04-02 株式会社エヌ・ティ・ティ・ドコモ Terminal device, program, and communication system
US7716736B2 (en) * 2003-04-17 2010-05-11 Cybersoft, Inc. Apparatus, methods and articles of manufacture for computer virus testing
CN100458955C (en) * 2003-04-30 2009-02-04 索尼株式会社 Data processing method, program thereof, device thereof, and recording medium
US20060229989A1 (en) * 2003-05-16 2006-10-12 Koninklijke Philips Electronics N.V. Valuating rights for 2nd hand trade
US20070276823A1 (en) * 2003-05-22 2007-11-29 Bruce Borden Data management systems and methods for distributed data storage and management using content signatures
US9678967B2 (en) 2003-05-22 2017-06-13 Callahan Cellular L.L.C. Information source agent systems and methods for distributed data storage and management using content signatures
US7325165B2 (en) * 2003-05-30 2008-01-29 Broadcom Corporation Instruction sequence verification to protect secured data
US8086844B2 (en) * 2003-06-03 2011-12-27 Broadcom Corporation Online trusted platform module
US7373520B1 (en) * 2003-06-18 2008-05-13 Symantec Operating Corporation Method for computing data signatures
US7434231B2 (en) * 2003-06-27 2008-10-07 Intel Corporation Methods and apparatus to protect a protocol interface
DE10330191A1 (en) * 2003-07-03 2005-02-10 Siemens Ag System or method for releasing released software programs
US20050027657A1 (en) * 2003-08-01 2005-02-03 Yuri Leontiev Distinguishing legitimate hardware upgrades from unauthorized installations of software on additional computers
US7343347B2 (en) * 2003-10-08 2008-03-11 Time Warner Inc. Electronic media player with metadata based control and method of operating the same
US7672810B2 (en) * 2003-10-15 2010-03-02 3D Scanners Ltd. Method, device and computer program for evaluating an object using a virtual representation of said object
US10437964B2 (en) * 2003-10-24 2019-10-08 Microsoft Technology Licensing, Llc Programming interface for licensing
US20050108303A1 (en) * 2003-10-31 2005-05-19 Carter Richard D. Remote backup and restore technique
US20050097052A1 (en) * 2003-10-31 2005-05-05 Nokia Corporation Distribution of media objects
US8700533B2 (en) * 2003-12-04 2014-04-15 Black Duck Software, Inc. Authenticating licenses for legally-protectable content based on license profiles and content identifiers
US9489687B2 (en) * 2003-12-04 2016-11-08 Black Duck Software, Inc. Methods and systems for managing software development
US20050132031A1 (en) * 2003-12-12 2005-06-16 Reiner Sailer Method and system for measuring status and state of remotely executing programs
US20050132357A1 (en) * 2003-12-16 2005-06-16 Microsoft Corporation Ensuring that a software update may be installed or run only on a specific device or class of devices
US7549042B2 (en) * 2003-12-16 2009-06-16 Microsoft Corporation Applying custom software image updates to non-volatile storage in a failsafe manner
US7549148B2 (en) 2003-12-16 2009-06-16 Microsoft Corporation Self-describing software image update components
US7614051B2 (en) * 2003-12-16 2009-11-03 Microsoft Corporation Creating file systems within a file in a storage technology-abstracted manner
US7568195B2 (en) 2003-12-16 2009-07-28 Microsoft Corporation Determining a maximal set of dependent software updates valid for installation
US20050163483A1 (en) * 2004-01-22 2005-07-28 Widevine Technologies, Inc. Piracy prevention system
US7665147B2 (en) * 2004-02-05 2010-02-16 At&T Mobility Ii Llc Authentication of HTTP applications
US7539686B2 (en) * 2004-03-12 2009-05-26 Microsoft Corporation Tag-based schema for distributing update metadata in an update distribution system
EP1732008A4 (en) 2004-03-30 2010-05-26 Ibm User authentication system, method, program, and recording medium containing the program
US7287159B2 (en) * 2004-04-01 2007-10-23 Shieldip, Inc. Detection and identification methods for software
US20060059561A1 (en) * 2004-04-14 2006-03-16 Digital River, Inc. Electronic storefront that limits download of software wrappers based on geographic location
US20050235357A1 (en) * 2004-04-19 2005-10-20 Securemedia International Preventing cloning of high value software using embedded hardware and software functionality
US8554889B2 (en) * 2004-04-21 2013-10-08 Microsoft Corporation Method, system and apparatus for managing computer identity
US7581108B1 (en) * 2004-04-21 2009-08-25 Hewlett-Packard Development Company, L.P. Method and system for generating time-based identifiers
US8646107B1 (en) * 2004-06-25 2014-02-04 Altera Corporation Implementing usage limited systems
US7949666B2 (en) * 2004-07-09 2011-05-24 Ricoh, Ltd. Synchronizing distributed work through document logs
US20060020555A1 (en) * 2004-07-26 2006-01-26 Septon Daven W Monitoring a license proxy
KR100692011B1 (en) * 2004-07-28 2007-03-09 엘지전자 주식회사 Method for Renewing The Criterion Of The Expriration Of The Right Of The Using Contents On The Mobile Communication Terminal
US8359332B1 (en) 2004-08-02 2013-01-22 Nvidia Corporation Secure content enabled drive digital rights management system and method
US8402283B1 (en) 2004-08-02 2013-03-19 Nvidia Corporation Secure content enabled drive system and method
US8566616B1 (en) 2004-09-10 2013-10-22 Altera Corporation Method and apparatus for protecting designs in SRAM-based programmable logic devices and the like
US8612772B1 (en) 2004-09-10 2013-12-17 Altera Corporation Security core using soft key
US20060064758A1 (en) * 2004-09-22 2006-03-23 Joe Petner Method for preventing piracy of computer software
US20060075441A1 (en) * 2004-10-06 2006-04-06 Sony Corporation Method and system for a personal video recorder comprising multiple removable storage/tuner units
US8768844B2 (en) * 2004-10-06 2014-07-01 Sony Corporation Method and system for content sharing and authentication between multiple devices
US8243925B2 (en) * 2004-10-18 2012-08-14 Syphermedia International, Inc. Method and apparatus for supporting multiple broadcasters independently using a single conditional access system
US10477151B2 (en) 2004-10-18 2019-11-12 Inside Secure Method and apparatus for supporting multiple broadcasters independently using a single conditional access system
US20060112316A1 (en) * 2004-11-18 2006-05-25 Jui-Kuo Chiang Method of monitoring status of processor
CN101065716A (en) 2004-11-22 2007-10-31 诺基亚公司 Method and device for verifying the integrity of platform software of an electronic device
US10204338B2 (en) * 2004-11-24 2019-02-12 Microsoft Technology Licensing, Llc Synchronizing contents of removable storage devices with a multimedia network
US8788425B1 (en) 2004-12-15 2014-07-22 Nvidia Corporation Method and system for accessing content on demand
US8875309B1 (en) 2004-12-15 2014-10-28 Nvidia Corporation Content server and method of providing content therefrom
US8346807B1 (en) 2004-12-15 2013-01-01 Nvidia Corporation Method and system for registering and activating content
US8751825B1 (en) 2004-12-15 2014-06-10 Nvidia Corporation Content server and method of storing content
US7469276B2 (en) * 2004-12-27 2008-12-23 International Business Machines Corporation Service offering for the delivery of information with continuing improvement
JP4139382B2 (en) * 2004-12-28 2008-08-27 インターナショナル・ビジネス・マシーンズ・コーポレーション Device for authenticating ownership of product / service, method for authenticating ownership of product / service, and program for authenticating ownership of product / service
US8561126B2 (en) * 2004-12-29 2013-10-15 International Business Machines Corporation Automatic enforcement of obligations according to a data-handling policy
EP1866825A1 (en) 2005-03-22 2007-12-19 Hewlett-Packard Development Company, L.P. Methods, devices and data structures for trusted data
US20060224677A1 (en) * 2005-04-01 2006-10-05 Baytsp Method and apparatus for detecting email fraud
US8893299B1 (en) * 2005-04-22 2014-11-18 Nvidia Corporation Content keys for authorizing access to content
US7617397B2 (en) * 2005-04-29 2009-11-10 Microsoft Corporation Systems and methods for generation and validation of isogeny-based signatures
US7420474B1 (en) 2005-05-13 2008-09-02 Barron Associates, Inc. Idiosyncratic emissions fingerprinting method for identifying electronic devices
GB0510878D0 (en) * 2005-05-27 2005-07-06 Qinetiq Ltd Digital evidence bag
US7337147B2 (en) * 2005-06-30 2008-02-26 Microsoft Corporation Dynamic digital content licensing
RU2419225C2 (en) * 2005-08-12 2011-05-20 Эл Джи Электроникс Инк. Method to transfer object of right when controlling digital rights
US7539647B2 (en) * 2005-08-25 2009-05-26 Microsoft Corporation Using power state to enforce software metering state
JP5507784B2 (en) * 2005-09-01 2014-05-28 富士通株式会社 Environmental management station terminal, evaluation value processing method, evaluation value processing program, network operator terminal, service request processing method, service request processing program
US20070073623A1 (en) * 2005-09-28 2007-03-29 Nicholas Phelps Method of manufacturing application software
US8340289B2 (en) 2005-09-29 2012-12-25 Research In Motion Limited System and method for providing an indication of randomness quality of random number data generated by a random data service
US7797545B2 (en) * 2005-09-29 2010-09-14 Research In Motion Limited System and method for registering entities for code signing services
KR100746014B1 (en) * 2005-11-09 2007-08-06 삼성전자주식회사 Digital rights management method and system
US20070143228A1 (en) * 2005-12-15 2007-06-21 Microsoft Corporation Licensing matrix
US7921059B2 (en) * 2005-12-15 2011-04-05 Microsoft Corporation Licensing upsell
US8818897B1 (en) * 2005-12-15 2014-08-26 Rockstar Consortium Us Lp System and method for validation and enforcement of application security
US8495389B2 (en) * 2005-12-16 2013-07-23 Safenet, Inc. Locking changing hard disk content to a hardware token
JP4852309B2 (en) * 2005-12-27 2012-01-11 株式会社日立製作所 Asset management apparatus and asset management method
US7840540B2 (en) 2006-04-20 2010-11-23 Datascout, Inc. Surrogate hashing
US7814070B1 (en) 2006-04-20 2010-10-12 Datascout, Inc. Surrogate hashing
US7991206B1 (en) 2007-07-02 2011-08-02 Datascout, Inc. Surrogate heuristic identification
US8549022B1 (en) 2007-07-02 2013-10-01 Datascout, Inc. Fingerprint generation of multimedia content based on a trigger point with the multimedia content
US8156132B1 (en) 2007-07-02 2012-04-10 Pinehill Technology, Llc Systems for comparing image fingerprints
US7801868B1 (en) 2006-04-20 2010-09-21 Datascout, Inc. Surrogate hashing
US9020964B1 (en) * 2006-04-20 2015-04-28 Pinehill Technology, Llc Generation of fingerprints for multimedia content based on vectors and histograms
US8463000B1 (en) 2007-07-02 2013-06-11 Pinehill Technology, Llc Content identification based on a search of a fingerprint database
US7774385B1 (en) 2007-07-02 2010-08-10 Datascout, Inc. Techniques for providing a surrogate heuristic identification interface
US20070255659A1 (en) * 2006-05-01 2007-11-01 Wei Yen System and method for DRM translation
WO2007130554A2 (en) 2006-05-02 2007-11-15 Broadon Communications Corp. Content management system and method
US7970138B2 (en) * 2006-05-26 2011-06-28 Syphermedia International Method and apparatus for supporting broadcast efficiency and security enhancements
US20070288389A1 (en) * 2006-06-12 2007-12-13 Vaughan Michael J Version Compliance System
US20080008321A1 (en) * 2006-07-10 2008-01-10 Syphermedia International, Inc. Conditional access enhancements using an always-on satellite backchannel link
EP2041656A2 (en) * 2006-07-13 2009-04-01 Nxp B.V. Secure upgrade of a mobile device with an individual upgrade software over the air
US8452988B2 (en) * 2006-07-24 2013-05-28 Michael Sujue Wang Secure data storage for protecting digital content
US20080027866A1 (en) * 2006-07-26 2008-01-31 Halcrow Michael A System and method for authenticating file content
US8387038B2 (en) * 2006-08-14 2013-02-26 Caterpillar Inc. Method and system for automatic computer and user migration
WO2008028200A2 (en) * 2006-08-29 2008-03-06 Benjamin Filmalter Grobler Digital data licensing system
US8615801B2 (en) * 2006-08-31 2013-12-24 Microsoft Corporation Software authorization utilizing software reputation
US8479004B2 (en) 2006-08-31 2013-07-02 Ricoh Co., Ltd Paper-based document logging
US8978974B2 (en) * 2006-09-26 2015-03-17 B & K Leasing Company, Inc. Signature management system
US20080080711A1 (en) * 2006-09-28 2008-04-03 Syphermedia International, Inc. Dual conditional access module architecture and method and apparatus for controlling same
US8761393B2 (en) * 2006-10-13 2014-06-24 Syphermedia International, Inc. Method and apparatus for providing secure internet protocol media services
US9277259B2 (en) 2006-10-13 2016-03-01 Syphermedia International, Inc. Method and apparatus for providing secure internet protocol media services
US7624276B2 (en) * 2006-10-16 2009-11-24 Broadon Communications Corp. Secure device authentication system and method
US8413135B2 (en) * 2006-10-30 2013-04-02 At&T Intellectual Property I, L.P. Methods, systems, and computer program products for controlling software application installations
US7613915B2 (en) * 2006-11-09 2009-11-03 BroadOn Communications Corp Method for programming on-chip non-volatile memory in a secure processor, and a device so programmed
US8200961B2 (en) * 2006-11-19 2012-06-12 Igware, Inc. Securing a flash memory block in a secure device system and method
US7590599B2 (en) * 2006-12-22 2009-09-15 International Business Machines Corporation System and method of automatically maintaining and recycling software components
US20080155701A1 (en) * 2006-12-22 2008-06-26 Yahoo! Inc. Method and system for unauthorized content detection and reporting
KR100846508B1 (en) * 2006-12-22 2008-07-17 삼성전자주식회사 Method, device, and system for digital rights management
KR101369399B1 (en) * 2006-12-29 2014-03-05 삼성전자주식회사 Method and system for performing drm related rights enforcement when drm agent and rendering application are inplimented on separate devices
US7996820B2 (en) * 2007-01-04 2011-08-09 International Business Machines Corporation Determining proportionate use of system resources by applications executing in a shared hosting environment
WO2008088201A1 (en) * 2007-01-19 2008-07-24 Lg Electronics Inc. Method for protecting content and method for processing information
US8006094B2 (en) * 2007-02-21 2011-08-23 Ricoh Co., Ltd. Trustworthy timestamps and certifiable clocks using logs linked by cryptographic hashes
US8689334B2 (en) * 2007-02-28 2014-04-01 Alcatel Lucent Security protection for a customer programmable platform
US8996483B2 (en) * 2007-03-28 2015-03-31 Ricoh Co., Ltd. Method and apparatus for recording associations with logs
US20080243688A1 (en) * 2007-03-28 2008-10-02 Hart Peter E Method and Apparatus for Recording Transactions with a Portable Logging Device
US8116323B1 (en) 2007-04-12 2012-02-14 Qurio Holdings, Inc. Methods for providing peer negotiation in a distributed virtual environment and related systems and computer program products
US20080288504A1 (en) * 2007-05-17 2008-11-20 Fisher Iii William W Methods, media, and systems for recording and reporting content usage
US20080320596A1 (en) * 2007-06-22 2008-12-25 Feng Chi Wang Distributed digital rights management system and methods for use therewith
AU2013260728B2 (en) * 2007-10-18 2015-08-06 The Nielsen Company (U.S.), Inc. Methods and apparatus to create a media measurement reference database from a plurality of distributed source
AU2008314573B2 (en) * 2007-10-18 2013-08-22 The Nielsen Company (U.S.), Inc. Methods and apparatus to create a media measurement reference database from a plurality of distributed sources
CN101414342B (en) * 2007-10-19 2010-06-02 西门子(中国)有限公司 Software dog and method for implementing software protection
WO2009065135A1 (en) * 2007-11-17 2009-05-22 Uniloc Corporation System and method for adjustable licensing of digital products
US8590039B1 (en) 2007-11-28 2013-11-19 Mcafee, Inc. System, method and computer program product for sending information extracted from a potentially unwanted data sample to generate a signature
US8997054B2 (en) * 2007-11-30 2015-03-31 Red Hat, Inc. Software application certification service
US8490155B2 (en) * 2007-12-17 2013-07-16 Electronics And Telecommunications Research Institute Method and apparatus for detecting downloadable conditional access system host with duplicated secure micro
WO2009105702A2 (en) * 2008-02-22 2009-08-27 Etchegoyen Craig S License auditing for distributed applications
US9306796B1 (en) 2008-03-18 2016-04-05 Mcafee, Inc. System, method, and computer program product for dynamically configuring a virtual environment for identifying unwanted data
US8453051B1 (en) 2008-03-31 2013-05-28 Amazon Technologies, Inc. Dynamic display dependent markup language interface
US10089306B1 (en) * 2008-03-31 2018-10-02 Amazon Technologies, Inc. Dynamically populating electronic item
US20130276120A1 (en) * 2008-06-02 2013-10-17 Gregory William Dalcher System, method, and computer program product for determining whether a security status of data is known at a server
JP5369502B2 (en) * 2008-06-04 2013-12-18 株式会社リコー Device, management device, device management system, and program
US8301904B1 (en) 2008-06-24 2012-10-30 Mcafee, Inc. System, method, and computer program product for automatically identifying potentially unwanted data as unwanted
US20100064048A1 (en) * 2008-09-05 2010-03-11 Hoggan Stuart A Firmware/software validation
US20100082583A1 (en) * 2008-10-01 2010-04-01 International Business Machines Corporation Automatically tagging software resources with search terms
US8185733B2 (en) * 2008-10-02 2012-05-22 Ricoh Co., Ltd. Method and apparatus for automatically publishing content based identifiers
KR101370340B1 (en) * 2008-10-30 2014-03-06 삼성전자 주식회사 Image forming apparatus and software enabling method thereof
JP2010134578A (en) * 2008-12-03 2010-06-17 Fujitsu Microelectronics Ltd Information processing apparatus and content protection method
WO2010097090A2 (en) * 2009-02-25 2010-09-02 Aarhus Universitet Controlled computer environment
US8627461B2 (en) 2009-03-04 2014-01-07 Mcafee, Inc. System, method, and computer program product for verifying an identification of program information as unwanted
US20100312810A1 (en) * 2009-06-09 2010-12-09 Christopher Horton Secure identification of music files
US9633183B2 (en) 2009-06-19 2017-04-25 Uniloc Luxembourg S.A. Modular software protection
US8423473B2 (en) * 2009-06-19 2013-04-16 Uniloc Luxembourg S. A. Systems and methods for game activation
US20100325149A1 (en) * 2009-06-22 2010-12-23 Craig Stephen Etchegoyen System and Method for Auditing Software Usage
US20100324983A1 (en) * 2009-06-22 2010-12-23 Etchegoyen Craig S System and Method for Media Distribution
US20100325150A1 (en) * 2009-06-22 2010-12-23 Joseph Martin Mordetsky System and Method for Tracking Application Usage
US20100325051A1 (en) * 2009-06-22 2010-12-23 Craig Stephen Etchegoyen System and Method for Piracy Reduction in Software Activation
US9129097B2 (en) * 2009-06-24 2015-09-08 Uniloc Luxembourg S.A. Systems and methods for auditing software usage using a covert key
US10089092B2 (en) 2010-01-27 2018-10-02 Embarcadero Technologies, Inc. Creating a software product from a software application
US20110047540A1 (en) * 2009-08-24 2011-02-24 Embarcadero Technologies Inc. System and Methodology for Automating Delivery, Licensing, and Availability of Software Products
US8769296B2 (en) * 2009-10-19 2014-07-01 Uniloc Luxembourg, S.A. Software signature tracking
US20110154436A1 (en) * 2009-12-21 2011-06-23 Mediatek Inc. Provider Management Methods and Systems for a Portable Device Running Android Platform
US8719939B2 (en) * 2009-12-31 2014-05-06 Mcafee, Inc. Malware detection via reputation system
JP5668926B2 (en) * 2010-03-31 2015-02-12 株式会社リコー Log management system, transmission system, log management method, log management program
US9373106B1 (en) * 2010-04-26 2016-06-21 Sprint Communications Company L.P. Tracking the download and purchase of digital content
US9501582B2 (en) 2010-05-10 2016-11-22 Amazon Technologies, Inc. Providing text content embedded with protected multimedia content
US20110283368A1 (en) * 2010-05-11 2011-11-17 Massimiliano Gasparri Identification and end-use differentiation in digital media
US8522030B2 (en) * 2010-09-24 2013-08-27 Intel Corporation Verification and protection of genuine software installation using hardware super key
CN101980234B (en) * 2010-10-19 2012-07-11 北京深思洛克软件技术股份有限公司 Method for generating client data of information security equipment
US9852143B2 (en) 2010-12-17 2017-12-26 Microsoft Technology Licensing, Llc Enabling random access within objects in zip archives
US8444052B2 (en) * 2011-04-05 2013-05-21 Rev Worldwide, Inc. Method and device for merchant authentication
US10650361B2 (en) * 2011-05-18 2020-05-12 Dubset Media Holdings, Inc. Method and system for analyzing copyright information in a mixed long-format audio file
US8972967B2 (en) 2011-09-12 2015-03-03 Microsoft Corporation Application packages using block maps
US8819361B2 (en) 2011-09-12 2014-08-26 Microsoft Corporation Retaining verifiability of extracted data from signed archives
US8839446B2 (en) 2011-09-12 2014-09-16 Microsoft Corporation Protecting archive structure with directory verifiers
EP2756404A4 (en) * 2011-09-13 2015-07-15 T Data Systems S Pte Ltd A method for restricting access to data stored on a memory card and a memory card
US20130179995A1 (en) * 2012-01-09 2013-07-11 United Video Properties, Inc. Systems and methods for authentication of digital content
US9165332B2 (en) * 2012-01-27 2015-10-20 Microsoft Technology Licensing, Llc Application licensing using multiple forms of licensing
US8627097B2 (en) 2012-03-27 2014-01-07 Igt System and method enabling parallel processing of hash functions using authentication checkpoint hashes
US9349011B2 (en) * 2012-05-16 2016-05-24 Fisher-Rosemount Systems, Inc. Methods and apparatus to identify a degradation of integrity of a process control system
US20140019762A1 (en) * 2012-07-10 2014-01-16 Digicert, Inc. Method, Process and System for Digitally Signing an Object
JP2014048979A (en) * 2012-08-31 2014-03-17 Fujitsu Ltd Information processing system, identification information determination device, identification information determination method, and program
US20140074663A1 (en) * 2012-09-09 2014-03-13 Apple Inc. Integrating purchase history and metadata across devices
US20140122343A1 (en) * 2012-11-01 2014-05-01 Symantec Corporation Malware detection driven user authentication and transaction authorization
US9836730B1 (en) * 2013-03-14 2017-12-05 Corel Corporation Software product piracy monetization process
US20140283038A1 (en) 2013-03-15 2014-09-18 Shape Security Inc. Safe Intelligent Content Modification
US9338143B2 (en) 2013-03-15 2016-05-10 Shape Security, Inc. Stateless web content anti-automation
US8869281B2 (en) 2013-03-15 2014-10-21 Shape Security, Inc. Protecting against the introduction of alien content
US9225737B2 (en) 2013-03-15 2015-12-29 Shape Security, Inc. Detecting the introduction of alien content
WO2014196030A1 (en) * 2013-06-05 2014-12-11 株式会社日立システムズ Portal site cost distribution/recovery system
US9443268B1 (en) 2013-08-16 2016-09-13 Consumerinfo.Com, Inc. Bill payment and reporting
US10185584B2 (en) * 2013-08-20 2019-01-22 Teleputers, Llc System and method for self-protecting data
US20150186861A1 (en) * 2013-11-12 2015-07-02 Xtt Llc Lockable POS Device, Method for Distributing Lockable POS Devices, and Method for Locking a Lockable POS Device
US10325314B1 (en) 2013-11-15 2019-06-18 Consumerinfo.Com, Inc. Payment reporting systems
CN103634773B (en) * 2013-11-25 2017-02-01 华为技术有限公司 Safe charging implementation method and device
US9270647B2 (en) 2013-12-06 2016-02-23 Shape Security, Inc. Client/server security by an intermediary rendering modified in-memory objects
US8954583B1 (en) * 2014-01-20 2015-02-10 Shape Security, Inc. Intercepting and supervising calls to transformed operations and objects
US9225729B1 (en) 2014-01-21 2015-12-29 Shape Security, Inc. Blind hash compression
US9489526B1 (en) 2014-01-21 2016-11-08 Shape Security, Inc. Pre-analyzing served content
US8893294B1 (en) 2014-01-21 2014-11-18 Shape Security, Inc. Flexible caching
KR101577376B1 (en) * 2014-01-21 2015-12-14 (주) 아워텍 System and method for determining infringement of copyright based on the text reference point
US8997226B1 (en) 2014-04-17 2015-03-31 Shape Security, Inc. Detection of client-side malware activity
US9411958B2 (en) 2014-05-23 2016-08-09 Shape Security, Inc. Polymorphic treatment of data entered at clients
US9858440B1 (en) 2014-05-23 2018-01-02 Shape Security, Inc. Encoding of sensitive data
US9405910B2 (en) 2014-06-02 2016-08-02 Shape Security, Inc. Automatic library detection
US9075990B1 (en) 2014-07-01 2015-07-07 Shape Security, Inc. Reliable selection of security countermeasures
US9003511B1 (en) 2014-07-22 2015-04-07 Shape Security, Inc. Polymorphic security policy action
US9813305B2 (en) * 2014-08-05 2017-11-07 International Business Machines Corporation Enabling a tag to show status
US9984086B2 (en) 2014-08-05 2018-05-29 International Business Machines Corporation Performing actions on objects as a result of applying tags to the objects
US9825984B1 (en) 2014-08-27 2017-11-21 Shape Security, Inc. Background analysis of web content
US9438625B1 (en) 2014-09-09 2016-09-06 Shape Security, Inc. Mitigating scripted attacks using dynamic polymorphism
US9602543B2 (en) 2014-09-09 2017-03-21 Shape Security, Inc. Client/server polymorphism using polymorphic hooks
CN104994217A (en) * 2015-05-13 2015-10-21 惠州Tcl移动通信有限公司 Method for detecting state of mobile terminal and mobile terminal
US9813440B1 (en) 2015-05-15 2017-11-07 Shape Security, Inc. Polymorphic treatment of annotated content
US9986058B2 (en) 2015-05-21 2018-05-29 Shape Security, Inc. Security systems for mitigating attacks from a headless browser executing on a client computer
WO2017007705A1 (en) 2015-07-06 2017-01-12 Shape Security, Inc. Asymmetrical challenges for web security
WO2017007936A1 (en) 2015-07-07 2017-01-12 Shape Security, Inc. Split serving of computer code
US9807113B2 (en) 2015-08-31 2017-10-31 Shape Security, Inc. Polymorphic obfuscation of executable code
EP3244337A1 (en) * 2016-05-10 2017-11-15 Cyber-Ark Software Ltd. Application control
US20180204215A1 (en) * 2017-01-17 2018-07-19 Hung-Tzaw Hu Detecting electronic intruders via updatable data structures
US20180279976A1 (en) * 2017-02-22 2018-10-04 Todd C. Miller Intraoral sensor positioning system
WO2018165146A1 (en) 2017-03-06 2018-09-13 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system
US10262127B2 (en) 2017-04-05 2019-04-16 General Electric Company Systems and method for securely sharing and executing data and models
CN107347098B (en) * 2017-07-17 2020-03-03 广东电网有限责任公司清远供电局 Equipment monitoring and manufacturing auxiliary method based on cloud technology and cloud sharing terminal
CN107948132B (en) * 2017-10-19 2022-01-18 远光软件股份有限公司 Identity authentication system and reimbursement equipment
US11055006B1 (en) * 2017-10-30 2021-07-06 EMC IP Holding Company LLC Virtual storage domain for a content addressable system
US20210056525A1 (en) * 2018-02-21 2021-02-25 Todd C. Miller Control Center and Licensing Management System for an Intraoral Sensor
US10880313B2 (en) 2018-09-05 2020-12-29 Consumerinfo.Com, Inc. Database platform for realtime updating of user data from third party sources
US11182144B2 (en) * 2018-12-31 2021-11-23 Salesforce.Com, Inc. Preventing database package updates to fail customer requests and cause data corruptions
US11223877B2 (en) * 2019-02-12 2022-01-11 Vijay Madisetti Hybrid blockchains and streamchains using non-crypto hashes for securing audio-, video-, image-, and speech-based transactions and contracts
US11954218B2 (en) 2020-02-10 2024-04-09 Visa International Service Association Real-time access rules using aggregation of periodic historical outcomes
US11579950B2 (en) * 2020-09-09 2023-02-14 Ciena Corporation Configuring an API to provide customized access constraints

Family Cites Families (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3609697A (en) 1968-10-21 1971-09-28 Ibm Program security device
US3966449A (en) * 1975-02-10 1976-06-29 International Business Machines Corporation Sealing glass composition and process
US3996449A (en) 1975-08-25 1976-12-07 International Business Machines Corporation Operating system authenticator
US4458315A (en) 1982-02-25 1984-07-03 Penta, Inc. Apparatus and method for preventing unauthorized use of computer programs
US4658093A (en) 1983-07-11 1987-04-14 Hellman Martin E Software distribution system
US5109413A (en) * 1986-11-05 1992-04-28 International Business Machines Corporation Manipulating rights-to-execute in connection with a software copy protection mechanism
US4866769A (en) 1987-08-05 1989-09-12 Ibm Corporation Hardware assist for protecting PC software
US5023907A (en) 1988-09-30 1991-06-11 Apollo Computer, Inc. Network license server
US5132992A (en) 1991-01-07 1992-07-21 Paul Yurt Audio and video transmission and receiving system
JP3270102B2 (en) * 1991-03-11 2002-04-02 ヒューレット・パッカード・カンパニー Licensing method and system
US5483658A (en) 1993-02-26 1996-01-09 Grube; Gary W. Detection of unauthorized use of software applications in processing devices
JP2596361B2 (en) 1993-12-24 1997-04-02 日本電気株式会社 Password update method
US5598470A (en) * 1994-04-25 1997-01-28 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: Method and apparatus for utilizing a decryption block
US5724425A (en) 1994-06-10 1998-03-03 Sun Microsystems, Inc. Method and apparatus for enhancing software security and distributing software
JP3531978B2 (en) 1994-08-10 2004-05-31 富士通株式会社 Software billing system
US6963859B2 (en) * 1994-11-23 2005-11-08 Contentguard Holdings, Inc. Content rendering repository
US5646997A (en) 1994-12-14 1997-07-08 Barton; James M. Method and apparatus for embedding authentication information within digital data
US5745569A (en) 1996-01-17 1998-04-28 The Dice Company Method for stega-cipher protection of computer code
EP1526472A3 (en) 1995-02-13 2006-07-26 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5943422A (en) * 1996-08-12 1999-08-24 Intertrust Technologies Corp. Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
US5892900A (en) 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6948070B1 (en) * 1995-02-13 2005-09-20 Intertrust Technologies Corporation Systems and methods for secure transaction management and electronic rights protection
US5613004A (en) * 1995-06-07 1997-03-18 The Dice Company Steganographic method and device
NL1000530C2 (en) 1995-06-08 1996-12-10 Defil N V Holland Intertrust A Filtering method.
US6115802A (en) * 1995-10-13 2000-09-05 Sun Microsystems, Inc. Efficient hash table for use in multi-threaded environments
US5825883A (en) 1995-10-31 1998-10-20 Interval Systems, Inc. Method and apparatus that accounts for usage of digital applications
EP0880840A4 (en) * 1996-01-11 2002-10-23 Mrj Inc System for controlling access and distribution of digital property
US5719941A (en) * 1996-01-12 1998-02-17 Microsoft Corporation Method for changing passwords on a remote computer
US5926624A (en) * 1996-09-12 1999-07-20 Audible, Inc. Digital information library and delivery system with logic for generating files targeted to the playback device
US6052780A (en) 1996-09-12 2000-04-18 Open Security Solutions, Llc Computer system and process for accessing an encrypted and self-decrypting digital information product while restricting access to decrypted digital information
US20050010475A1 (en) * 1996-10-25 2005-01-13 Ipf, Inc. Internet-based brand management and marketing communication instrumentation network for deploying, installing and remotely programming brand-building server-side driven multi-mode virtual Kiosks on the World Wide Web (WWW), and methods of brand marketing communication between brand marketers and consumers using the same
US5823883A (en) * 1996-11-04 1998-10-20 Ford Motor Company Constant velocity joint with reactive cage
US5920861A (en) 1997-02-25 1999-07-06 Intertrust Technologies Corp. Techniques for defining using and manipulating rights management data structures
US6108420A (en) 1997-04-10 2000-08-22 Channelware Inc. Method and system for networked installation of uniquely customized, authenticable, and traceable software application
DE19721614A1 (en) * 1997-05-23 1998-11-26 Schuler Pressen Gmbh & Co Press systems with automatic tooling change and method for tooling change
JP4456185B2 (en) 1997-08-29 2010-04-28 富士通株式会社 Visible watermarked video recording medium with copy protection function and its creation / detection and recording / playback device
US6030288A (en) * 1997-09-02 2000-02-29 Quixotic Solutions Inc. Apparatus and process for verifying honest gaming transactions over a communications network
US6240184B1 (en) * 1997-09-05 2001-05-29 Rsa Security Inc. Password synchronization
US6170060B1 (en) 1997-10-03 2001-01-02 Audible, Inc. Method and apparatus for targeting a digital information playback device
US6134327A (en) * 1997-10-24 2000-10-17 Entrust Technologies Ltd. Method and apparatus for creating communities of trust in a secure communication system
US6170058B1 (en) 1997-12-23 2001-01-02 Arcot Systems, Inc. Method and apparatus for cryptographically camouflaged cryptographic key storage, certification and use
US6341352B1 (en) * 1998-10-15 2002-01-22 International Business Machines Corporation Method for changing a security policy during processing of a transaction request
US6920567B1 (en) * 1999-04-07 2005-07-19 Viatech Technologies Inc. System and embedded license control mechanism for the creation and distribution of digital content files and enforcement of licensed use of the digital content files
US6889325B1 (en) * 1999-04-28 2005-05-03 Unicate Bv Transaction method and system for data networks, like internet
US6697948B1 (en) * 1999-05-05 2004-02-24 Michael O. Rabin Methods and apparatus for protecting information
US6691229B1 (en) 2000-03-06 2004-02-10 Matsushita Electric Industrial Co., Ltd. Method and apparatus for rendering unauthorized copies of digital content traceable to authorized copies
US6889209B1 (en) * 2000-11-03 2005-05-03 Shieldip, Inc. Method and apparatus for protecting information and privacy

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10970803B2 (en) 2003-06-23 2021-04-06 Sony Corporation Fingerprinting of data
US9911171B2 (en) 2003-06-23 2018-03-06 Sony Corporation Fingerprinting of data
US9349151B2 (en) 2003-06-23 2016-05-24 Sony Corporation Fingerprinting of data
CN102509031A (en) * 2003-06-23 2012-06-20 索尼电影娱乐公司 Fingerprinting of data
CN102509031B (en) * 2003-06-23 2014-12-24 索尼电影娱乐公司 Method for identifying media source, device and system of fingerprint addition
CN100349084C (en) * 2004-01-05 2007-11-14 华为技术有限公司 Method for ensuring system safety for window operating system
US8584118B2 (en) 2004-10-20 2013-11-12 Nokia Corporation Terminal, method and computer program product for validating a software application
CN101263489B (en) * 2005-09-15 2010-12-01 微软公司 Method for stopping Piracy in batch license environment
CN100437616C (en) * 2006-04-27 2008-11-26 张文 Software anti-pirate device 8 h
CN101496020B (en) * 2006-07-28 2012-08-22 索尼爱立信移动通讯有限公司 Methods and systems for determining usage rights for digital content based on characterizing information thereof and related devices
CN101315280B (en) * 2008-07-09 2011-02-09 深圳市凯立德计算机系统技术有限公司 Navigator activation method, navigator activation centre and navigator
CN102054135B (en) * 2009-11-06 2013-07-10 北大方正集团有限公司 Software authorization method and device
CN103688265A (en) * 2011-04-01 2014-03-26 罗伯特·斯蒂尔 System to identify multiple copyright infringements
CN103886245A (en) * 2012-12-20 2014-06-25 通用汽车环球科技运作有限责任公司 Methods and systems for bypassing authenticity checks for secure control modules
CN103886245B (en) * 2012-12-20 2018-10-02 通用汽车环球科技运作有限责任公司 Method and system for the authenticity examination for evading safety control module
US10038565B2 (en) 2012-12-20 2018-07-31 GM Global Technology Operations LLC Methods and systems for bypassing authenticity checks for secure control modules
CN104412239A (en) * 2013-05-13 2015-03-11 松下电器(美国)知识产权公司 Information management method
US11108660B2 (en) 2013-05-13 2021-08-31 Panasonic Intellectual Property Corporation Of America Information management method
US9948526B2 (en) 2013-05-13 2018-04-17 Panasonic Intellectual Property Corporation Of America Information management method
US11509549B2 (en) 2013-05-13 2022-11-22 Panasonic Intellectual Property Corporation Of America Information management method
US11711277B2 (en) 2013-05-13 2023-07-25 Panasonic Intellectual Property Corporation Of America Information management method
CN104412239B (en) * 2013-05-13 2018-11-09 松下电器(美国)知识产权公司 Approaches to IM
US10425298B2 (en) 2013-05-13 2019-09-24 Panasonic Intellectual Property Corporation Of America Information management method
CN104424402A (en) * 2013-08-28 2015-03-18 卓易畅想(北京)科技有限公司 Method and device for detecting pirated application program
CN104407541B (en) * 2014-10-17 2017-07-14 中国电子科技集团公司第四十一研究所 A kind of apparatus and method for protecting intelligence instrument circuit board intellectual property
CN104407541A (en) * 2014-10-17 2015-03-11 中国电子科技集团公司第四十一研究所 Intelligent instrument circuit board intellectual property protection device and method
CN105656704B (en) * 2014-11-12 2020-02-18 腾讯数码(天津)有限公司 Page abnormity detection method, device and system
CN105656704A (en) * 2014-11-12 2016-06-08 腾讯数码(天津)有限公司 Page abnormity detection method, device and system
CN109729158A (en) * 2018-12-19 2019-05-07 深圳市酷开网络科技有限公司 A kind of generation method, system and the storage medium of device id identification information
CN109729158B (en) * 2018-12-19 2021-09-28 深圳市酷开网络科技股份有限公司 Method, system and storage medium for generating equipment ID identification information
CN111325879A (en) * 2020-01-21 2020-06-23 上海钧正网络科技有限公司 Vehicle remote control method and device, storage medium and equipment

Also Published As

Publication number Publication date
US7131144B2 (en) 2006-10-31
WO2000072119A3 (en) 2001-08-02
NZ515938A (en) 2004-07-30
CA2368861A1 (en) 2000-11-30
MXPA01011201A (en) 2003-07-14
AU4813700A (en) 2000-12-12
WO2000072119A2 (en) 2000-11-30
US20040133803A1 (en) 2004-07-08
US7073197B2 (en) 2006-07-04
HK1047803A1 (en) 2003-03-07
US20040128515A1 (en) 2004-07-01
EP1180252A2 (en) 2002-02-20
JP2003500722A (en) 2003-01-07
AU767286B2 (en) 2003-11-06
US6697948B1 (en) 2004-02-24

Similar Documents

Publication Publication Date Title
CN1361882A (en) Methods and apparatus for protecting information
CN1294499C (en) Safety video frequency card in computer equipment with digital right managing system
CN1269333C (en) Information processing method, device and program
CN1252581C (en) Secreting and/or discriminating documents remote-controlling printing
CN1293506C (en) Content distribution system and content distribution method
CN1152505C (en) Tokenless identification system for authorization of electronic transactions and electronic transmissions
CN100345157C (en) Method and apparatus for only identifying purchase of customer in electronic vending system
CN1592875A (en) Method and apparatus for protecting information and privacy
CN1163805C (en) System for tracking end-user electronic content usage
CN1273901C (en) System and method for testing computer device
CN1293491C (en) Information processing appliance and method, and program storage medium
CN1296846C (en) Information transmission system, transmitter, and transmission method as well as information reception system, receiver and reception method
CN1692339A (en) Contents delivery system, information processing apparatus or information processing method and computer program
CN1266875C (en) Content issuing/receiving method
CN1449540A (en) Method and system of securely collecting, storing, and transmitting information
CN1516837A (en) Apparatus and method for information processing, recording medium and program
CN1636175A (en) Controlling and managing digital assets
CN1723426A (en) Software execution control system and software execution control program
CN1463514A (en) Information processing appts.
CN1476580A (en) Content usage authority management system and management method
CN1521979A (en) Publishing digital content within a defined universe such as an organization in accordance with a digital rights management (drm) system
CN1470972A (en) System and method for providing key operation of safety server
CN1703749A (en) Method and system of preventing unauthorized rerecording of multimedia content
CN1692340A (en) Content delivery system, information processing apparatus or information processing method, and computer program
CN1556943A (en) Client terminal, software control method, and control program

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication
REG Reference to a national code (Ref country code: HK; Ref legal event code: WD; Ref document number: 1047803; Country of ref document: HK)